
AWS Monitoring and Observability Explained for AWS SAA-C03

Deploying an application to AWS and assuming it runs fine is how outages become surprises. Monitoring is how you know the application is behaving as expected, how you catch problems before users report them, and how you diagnose what went wrong when something breaks. AWS offers overlapping but distinct tools: CloudWatch collects metrics and logs from your resources, X-Ray traces requests across distributed services, CloudTrail audits every API call, EventBridge connects services with event-driven reactions, and AWS Config tracks configuration changes over time. The SAA-C03 exam tests which tool answers which type of question about your running environment.


CloudWatch: metrics, logs, and alarms

CloudWatch is the central monitoring service. Every AWS resource publishes metrics to CloudWatch automatically: EC2 reports CPU utilization, network traffic, and disk I/O. RDS reports database connections, free storage, and read/write latency. Lambda reports invocation count, duration, and error rate. You can also publish custom metrics from your application code: business metrics like orders per minute or application metrics like queue depth.

CloudWatch Logs collects log files from EC2 instances (via the CloudWatch Agent), Lambda functions, API Gateway, VPC Flow Logs, and CloudTrail. Log groups organize related logs. Log streams are individual sources within a group. CloudWatch Logs Insights lets you run SQL-like queries against log data to analyze patterns, find errors, and extract statistics without shipping logs to a separate analytics tool.

CloudWatch Alarms watch a metric and trigger an action when the metric crosses a threshold: send an SNS notification, trigger an Auto Scaling action, or stop/terminate an EC2 instance. Composite alarms combine multiple alarms with AND/OR logic to reduce alert noise. CloudWatch Dashboards create visual panels of metrics from across multiple services and accounts in a single view.

X-Ray, EventBridge, and AWS Config

X-Ray provides distributed tracing for applications composed of multiple services. When a user request flows through API Gateway, through a Lambda function, into a DynamoDB table, and back, X-Ray tracks the entire path with timing for each segment. The service map visualizes which services are talking to each other and where latency is occurring. X-Ray is how you answer the question: this request took 800ms total, which part was slow?

EventBridge (formerly CloudWatch Events) is an event bus that connects AWS services, third-party SaaS applications, and your own applications. You define rules that match event patterns and route matching events to targets: Lambda functions, SQS queues, Step Functions workflows, ECS tasks. For example, a rule can fire when GuardDuty creates a finding of high severity and invoke a Lambda function to isolate the affected EC2 instance. EventBridge Scheduler creates scheduled invocations for recurring tasks.
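
The GuardDuty rule described above, written as an event pattern and checked offline against constructed events. This is an added example, not code from the original page: the matcher is a simplified stand-in for EventBridge's own matching (exact values and `numeric` comparisons only), and `finding`, `matches` and `instances_to_isolate` are hypothetical helper names.

```python
# Event pattern for the rule described above: GuardDuty findings with
# severity >= 7 (GuardDuty's High band starts at 7.0), i.e. High and above.
HIGH_SEVERITY_FINDING = {
    "source": ["aws.guardduty"],
    "detail-type": ["GuardDuty Finding"],
    "detail": {"severity": [{"numeric": [">=", 7]}]},
}

_OPS = {">": lambda a, b: a > b, ">=": lambda a, b: a >= b,
        "<": lambda a, b: a < b, "<=": lambda a, b: a <= b,
        "=": lambda a, b: a == b}

def _leaf_matches(allowed, value):
    """A pattern leaf is a list; the value must satisfy at least one entry."""
    for entry in allowed:
        if isinstance(entry, dict) and "numeric" in entry:
            spec = entry["numeric"]  # e.g. [">=", 7] or [">=", 7, "<", 9]
            if isinstance(value, (int, float)) and not isinstance(value, bool) and all(
                    _OPS[op](value, bound) for op, bound in zip(spec[0::2], spec[1::2])):
                return True
        elif entry == value:
            return True
    return False

def matches(pattern, event):
    """Simplified matcher: every pattern key must match; extra event fields are ignored."""
    for key, expected in pattern.items():
        if key not in event:
            return False
        if isinstance(expected, dict):
            if not (isinstance(event[key], dict) and matches(expected, event[key])):
                return False
        elif not _leaf_matches(expected, event[key]):
            return False
    return True

def finding(severity, instance_id, source="aws.guardduty"):
    """Constructed sample event, trimmed to the fields used here."""
    return {"source": source, "detail-type": "GuardDuty Finding",
            "detail": {"severity": severity,
                       "resource": {"instanceDetails": {"instanceId": instance_id}}}}

def instances_to_isolate(events):
    """What the Lambda target would act on: instance IDs from matching findings."""
    return [e["detail"]["resource"]["instanceDetails"]["instanceId"]
            for e in events if matches(HIGH_SEVERITY_FINDING, e)]

if __name__ == "__main__":
    events = [finding(8, "i-0aaaaaaaaaaaaaaaa"), finding(2, "i-0bbbbbbbbbbbbbbbb")]
    print(instances_to_isolate(events))
```

Low-severity findings, events from other sources, and a severity delivered as a string all fall through without reaching the target.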

AWS Config continuously records the configuration state of your AWS resources and evaluates them against rules you define. It answers the question: when did this security group change, and who changed it? Config rules detect non-compliant resources, such as S3 buckets with public access enabled or EC2 instances without encryption. Config is compliance and configuration history: not what is happening right now, but what changed and when.

How to choose the correct answer

CloudWatch Metrics: numeric time-series data from AWS services and custom sources. Alarms trigger actions on threshold breaches.

CloudWatch Logs: log file collection and querying. Logs Insights for ad-hoc analysis. Log groups and streams organize data.

X-Ray: distributed tracing across multiple services. Latency analysis, service maps, error debugging in microservices.

CloudTrail: API call audit log. Who called what API, when, from which IP. Security investigation and compliance audit.

EventBridge: event-driven reactions to AWS service events, scheduled tasks, SaaS integrations. Rule-based routing to targets.

AWS Config: resource configuration history and compliance evaluation. What changed, when, and is it compliant with rules.

CloudWatch vs CloudTrail: CloudWatch monitors performance and behavior. CloudTrail records who did what to your AWS resources.

AWS observability services

| Service | What it answers | Primary data type |
|---|---|---|
| CloudWatch Metrics | Is my resource healthy? Is it performing? | Time-series numeric metrics |
| CloudWatch Logs | What did my application log? | Log events in log groups |
| X-Ray | Where is the latency in this request path? | Distributed trace segments and subsegments |
| CloudTrail | Who made this API call? When? | API call records with identity, time, parameters |
| EventBridge | What should happen when this event fires? | Event patterns and routing rules |
| AWS Config | What was the resource configuration? Did it change? | Configuration snapshots and change history |

Key exam facts — AWS SAA-C03

  • CloudWatch basic monitoring: 5-minute intervals (free). Detailed monitoring: 1-minute intervals (additional cost).
  • CloudWatch custom metrics: publish application-level data via PutMetricData API or embedded metric format in logs.
  • CloudWatch Alarms states: OK, ALARM, INSUFFICIENT_DATA. Actions trigger on state change.
  • X-Ray: requires SDK instrumentation in application code or X-Ray daemon on EC2/ECS. Passive sampling.
  • CloudTrail: logs management events (API calls) by default. Data events (S3 object-level, Lambda invocations) require explicit enablement.
  • EventBridge: replaces CloudWatch Events. Supports 200+ AWS services, SaaS partners, and custom events.
  • AWS Config rules: managed rules (pre-built) or custom Lambda-backed rules. Remediation can be automated.

Common exam traps

CloudWatch and CloudTrail do the same thing.

CloudWatch monitors resource health and application performance through metrics and logs from running systems. CloudTrail audits the control plane: who called which AWS API, when, and from where. If an EC2 instance is running slowly, CloudWatch tells you. If someone unexpectedly terminated that instance, CloudTrail tells you.
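
The "who terminated that instance" question above, answered from CloudTrail records. This is an added example, not code from the original page: the records are constructed and trimmed, the account ID, ARNs, IPs and instance IDs are placeholders, and `who_terminated` is a hypothetical helper name.

```python
import json

# Constructed CloudTrail management-event records, trimmed to the fields used
# below. Account ID, ARNs, IPs and instance IDs are placeholders.
RECORDS = json.loads("""[
 {"eventTime": "2024-05-01T10:02:11Z", "eventSource": "ec2.amazonaws.com",
  "eventName": "RunInstances", "sourceIPAddress": "198.51.100.7",
  "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::111122223333:user/deploy-example"},
  "requestParameters": {"instanceType": "t3.micro"}},
 {"eventTime": "2024-05-01T14:40:03Z", "eventSource": "ec2.amazonaws.com",
  "eventName": "TerminateInstances", "sourceIPAddress": "203.0.113.10",
  "errorCode": "Client.UnauthorizedOperation",
  "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::111122223333:user/intern-example"},
  "requestParameters": {"instancesSet": {"items": [{"instanceId": "i-0aaaaaaaaaaaaaaaa"}]}}},
 {"eventTime": "2024-05-01T14:52:47Z", "eventSource": "ec2.amazonaws.com",
  "eventName": "TerminateInstances", "sourceIPAddress": "203.0.113.10",
  "userIdentity": {"type": "AssumedRole",
                   "arn": "arn:aws:sts::111122223333:assumed-role/ops-example/session1"},
  "requestParameters": {"instancesSet": {"items": [{"instanceId": "i-0aaaaaaaaaaaaaaaa"},
                                                   {"instanceId": "i-0bbbbbbbbbbbbbbbb"}]}}}
]""")

def who_terminated(records, instance_id):
    """Return successful TerminateInstances calls that named instance_id, oldest first."""
    hits = []
    for rec in records:
        if (rec.get("eventSource"), rec.get("eventName")) != ("ec2.amazonaws.com", "TerminateInstances"):
            continue
        if "errorCode" in rec:  # denied or failed call: it did not terminate the instance
            continue
        params = rec.get("requestParameters") or {}
        items = (params.get("instancesSet") or {}).get("items", [])
        if any(item.get("instanceId") == instance_id for item in items):
            hits.append({"when": rec["eventTime"],
                         "who": rec.get("userIdentity", {}).get("arn"),
                         "from_ip": rec.get("sourceIPAddress")})
    return sorted(hits, key=lambda h: h["when"])

if __name__ == "__main__":
    for hit in who_terminated(RECORDS, "i-0aaaaaaaaaaaaaaaa"):
        print(hit)
```

The denied attempt at 14:40 is skipped because it carries an `errorCode`; it is still worth reviewing separately, since the same source IP succeeded twelve minutes later under a different identity.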

X-Ray automatically traces all services without code changes.

X-Ray requires instrumentation. For EC2 and on-premises applications, you install the X-Ray daemon and add the X-Ray SDK to your code. Lambda functions have native X-Ray integration that you enable with a configuration toggle, but you still need the SDK for custom subsegments. Services like API Gateway and ALB can be enabled for X-Ray tracing without code changes, but the application services between them still require instrumentation.

AWS Config detects and alerts on security incidents in real time.

AWS Config is designed for configuration tracking and compliance evaluation, not real-time threat detection. Config evaluates whether resource configurations comply with rules, typically with a slight delay. For real-time threat detection, use GuardDuty. For real-time API anomaly detection, use CloudTrail with CloudWatch alarms or Insights.
