Amazon CloudFront is a CDN that allows you to serve content from edge locations without having to actually stand up infrastructure around the world. However, since it’s a managed service, you have less visibility with traditional monitoring tools. As such, it becomes even more important to take advantage of the available monitoring tools in AWS. In this post, we’ll explain how to use CloudWatch to monitor CloudFront and what is important to watch.
CloudFront publishes metrics to CloudWatch every minute; looking for abnormalities and limits in these metrics is a great way to spot issues in your services and clusters. However, some metrics are better indicators of service or cluster health than others. In this section, we’ll discuss the metrics to monitor. But first, monitoring many of these metrics requires looking for anomalies specific to your instances, so we’ll explain how to do so in CloudWatch.
CloudWatch recently released Anomaly Detection in alpha preview. Their implementation exposes an upper and lower band of what is considered normal for a metric, and allows you to alert on how much the metric exceeds the threshold. Exposing these two values means that you’ll be charged for two metrics in CloudWatch.
If you don’t want to pay for anomaly detection, you’ll have to use averages to approximate it. To do so, look at a week of data for a metric and determine the average high and low. Create a 10% window above the average high and below the average low, and you have a good threshold for what looks healthy for your application. Note, however, that this method will not account for any time-based variation (such as reduced traffic on weekends).
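The averaging method above, as an added example that is not from the original post. It assumes "average high and low" means the mean of each day's maximum and minimum, that the datapoints are hourly Sum values, and that `EXAMPLEDISTID` is a placeholder distribution ID; the function names are hypothetical, and the sample week is constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta, timezone

def weekly_band(datapoints, margin=0.10):
    """Average the daily highs and lows, then widen the band by `margin`."""
    by_day = defaultdict(list)
    for ts, value in datapoints:
        by_day[ts.date()].append(value)
    if not by_day:
        raise ValueError("need at least one datapoint")
    avg_high = sum(max(v) for v in by_day.values()) / len(by_day)
    avg_low = sum(min(v) for v in by_day.values()) / len(by_day)
    return avg_low * (1 - margin), avg_high * (1 + margin)

def band_alarms(distribution_id, metric, low, high, period):
    """Build put_metric_alarm arguments: one alarm per edge of the band."""
    base = {
        "Namespace": "AWS/CloudFront",
        "MetricName": metric,
        "Dimensions": [{"Name": "DistributionId", "Value": distribution_id},
                       {"Name": "Region", "Value": "Global"}],
        "Statistic": "Sum",
        # Sum thresholds only make sense at the period the band was computed on.
        "Period": period,
        "EvaluationPeriods": 1,
    }
    return [
        {**base, "AlarmName": f"{distribution_id}-{metric}-above-band",
         "Threshold": high, "ComparisonOperator": "GreaterThanThreshold"},
        # TreatMissingData=breaching: a period with no datapoints counts as low.
        {**base, "AlarmName": f"{distribution_id}-{metric}-below-band",
         "Threshold": low, "ComparisonOperator": "LessThanThreshold",
         "TreatMissingData": "breaching"},
    ]

def sample_week():
    """Constructed data: 7 days of hourly Requests sums, not real traffic."""
    start = datetime(2024, 1, 1, tzinfo=timezone.utc)
    return [(start + timedelta(days=d, hours=h), 1000 + 100 * h + 10 * d)
            for d in range(7) for h in range(24)]

if __name__ == "__main__":
    low, high = weekly_band(sample_week())
    for alarm in band_alarms("EXAMPLEDISTID", "Requests", low, high, 3600):
        # With credentials, each dict can be passed as
        # boto3.client("cloudwatch", region_name="us-east-1").put_metric_alarm(**alarm)
        print(alarm["AlarmName"], alarm["ComparisonOperator"], round(alarm["Threshold"], 1))
```

CloudFront metrics live in the us-east-1 region under the AWS/CloudFront namespace, which is why the commented call targets that region.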
The Requests metric measures the number of requests made to your distribution. Major changes in this metric can signal issues in your application, such as errors in clients calling the distribution. To monitor Requests, create a CloudWatch alarm on the Sum statistic looking for anomalies using your chosen method.
The BytesDownloaded metric measures the number of bytes downloaded from your distribution. This metric covers many of the same situations as Requests, but can also catch issues where the number of requests stays the same, but the amount of data sent in responses has changed. To monitor BytesDownloaded, create a CloudWatch alarm on the Sum statistic looking for anomalies using your chosen method.
4xxErrorRate is the percentage of responses in the 4xx range. A spike in this metric could suggest a changed API or moved resource resulting in bad requests or auth issues. To monitor 4xxErrorRate, create a CloudWatch alarm for when the Average statistic of this metric exceeds 10%.
5xxErrorRate measures the percentage of responses in the 5xx range. If your distribution is backed by servers and this metric spikes, you likely have issues affecting your servers’ ability to respond to requests. To monitor 5xxErrorRate, create a CloudWatch alarm for when the Average statistic of this metric exceeds 10%.
How to View CloudWatch Metrics for CloudFront
CloudWatch metrics for CloudFront can be viewed normally through the Metrics portion of CloudWatch, but it is also possible to use the Monitoring section in the CloudFront console. Choose the distribution to see several metric graphs describing its health.
Now that we’ve determined which metrics to monitor, let’s talk about how to create CloudWatch alarms on those metrics. CloudWatch alarms are created from the CloudWatch console.
Unfortunately, since CloudWatch only supports creating an alarm on a single metric, you’ll have to repeat the whole process for each service and metric combination. This can get incredibly time-consuming and tedious.
Now you know how to monitor Amazon CloudFront using CloudWatch. However, it can be error-prone and tedious to set up CloudWatch monitoring for all your distributions (and remembering to do it for distributions you create in the future is tough!). Even after you get your alarms set up, your distributions will continue to change, so expect to spend time tweaking thresholds.
Instead, take the manual work out of monitoring your distributions and use Blue Matador’s automatic setup to effortlessly watch for anomalies and errors within Amazon CloudFront without any configuration. This is especially important in a system like CloudFront, where monitoring depends heavily on anomaly detection. Get started on automatic alerting with Blue Matador now!