In my last post, I covered some of the tools that AWS admins use to manage Amazon’s cloud. In part 5 of this series, I will discuss a few networking and monitoring services that also belong in the domain of system administrators working in Amazon’s cloud.

Virtual Private Cloud (VPC)

The term Virtual Private Cloud (VPC) is perhaps a bit misleading because a “private cloud” usually refers to an on-premises cloud infrastructure. A VPC is essentially just a virtual network or VLAN, albeit a very sophisticated one. The virtual network connects EC2 instances (virtual machines) to each other or to other AWS services. You can also use VPC to connect computers in your on-premises network through VPN to Amazon’s cloud. The latter feature allows you to run your on-premises servers in the same IP subnet as your EC2 virtual machines.

Virtual Private Cloud (VPC)

A VPC is isolated from other VPCs and the Internet through a software firewall (in Amazon terminology, a security group) and can contain multiple private and public subnets. A VPC may span multiple Availability Zones (Amazon data centers) within a certain region (US East, for example).

Direct Connect

Direct Connect is a service for organizations that don’t want to connect their data center to Amazon’s cloud through the public Internet. The advantages of using a dedicated physical network over the public Internet are better security, higher bandwidth, and lower network latency.

Simple Email Service (SES)

Simple Email Service (SES) is an SMTP service that you can use to send emails. Notice that SES is not an email hosting service. That is, you can’t receive emails or store mailboxes on SES. Thus far, Amazon doesn’t provide such a service.

Simple Email Service (SES)

SES is often used by admins to send emails from EC2 instances. Since EC2 is frequently abused by spammers, many EC2 IP addresses are in the block lists of anti-spam organizations. The requirements that you have to fulfill before you can send emails through SES are pretty steep, and the service is therefore not interesting for spammers. You can send emails with SES through its API, through the SMTP module of your application, or by using SDKs.

Route 53

Route 53 is Amazon’s Domain Name Service (DNS). Aside from the fact that Route 53 is cloud-based and therefore highly scalable, it supports latency-based routing. If you offer a service that spans multiple regions, Route 53 returns the IP address of a server nearest to the client.

Route 53

A few days ago, Amazon added a new health check feature to Route 53 that allows you to monitor the availability of websites. In case of an outage, you can use Route 53’s DNS failover feature to redirect visitors to an alternate server.

CloudWatch

CloudWatch is Amazon’s monitoring service. You can monitor EC2 instances, EBS volumes, Elastic Load Balancing, RDS DB instances, SQS queues, SNS topics, ElastiCache nodes, DynamoDB tables, Elastic MapReduce, Redshift, Route 53, OpsWorks, Storage Gateways, Auto Scaling groups, and even your estimated AWS bill. (I will discuss some of these services in the next posts.) Typical examples of CloudWatch metrics are CPU utilization, disk read bytes, network in, and status check failed. In addition to the AWS metrics, you can submit custom metrics generated by any kind of application.



CloudWatch enables you to track the metrics in the AWS Management Console, through the CloudWatch API, and via SDKs. You can send notifications and set alarms that trigger actions (for example, stopping an EC2 instance or performing an Auto Scaling action).

CloudWatch - Create Alarm

Ten metrics per EC2 instance at five-minute intervals are free. If you need more metrics or shorter intervals, you have to pay.

CloudTrail

CloudTrail allows you to log most of the things you do in Amazon’s cloud. The free service logs all API calls made via the AWS Management Console, the AWS SDKs, the command line tools, and higher-level AWS services such as OpsWorks or CloudFormation.



It usually takes about 15 minutes for an API call to appear in the log. CloudTrail allows you to publish SNS notifications that inform you when a new log file has been created. The compressed log files are stored on S3, and you can access them through the S3 console or the S3 API. Those log files are hard for humans to read; however, Amazon partners such as AlertLogic, Boundary, Loggly, Splunk, and Sumo Logic offer tools to analyze CloudTrail logs.
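To show what is inside one of those compressed log files and how an admin can pick out the events worth a closer look (root account usage, denied calls, and changes to users or security groups), here is an added example that is not from the original post or from any of the partner tools mentioned. The log records are constructed for the example and follow the "Records" array layout of a CloudTrail file; the set of sensitive API calls is an assumption you would tune for your own account.

```python
import gzip
import io
import json

# Constructed sample CloudTrail log file (not real AWS output): a gzip-compressed
# JSON document whose "Records" array holds one entry per API call.
SAMPLE_RECORDS = {
    "Records": [
        {"eventTime": "2013-11-14T10:00:01Z", "eventSource": "ec2.amazonaws.com",
         "eventName": "AuthorizeSecurityGroupIngress", "awsRegion": "us-east-1",
         "sourceIPAddress": "198.51.100.7",
         "userIdentity": {"type": "IAMUser", "userName": "alice"}},
        {"eventTime": "2013-11-14T10:05:12Z", "eventSource": "iam.amazonaws.com",
         "eventName": "CreateUser", "awsRegion": "us-east-1",
         "sourceIPAddress": "203.0.113.9",
         "userIdentity": {"type": "Root"}},
        {"eventTime": "2013-11-14T10:07:40Z", "eventSource": "s3.amazonaws.com",
         "eventName": "ListBuckets", "awsRegion": "us-east-1",
         "sourceIPAddress": "198.51.100.7",
         "userIdentity": {"type": "IAMUser", "userName": "bob"},
         "errorCode": "AccessDenied"},
        {"eventTime": "2013-11-14T10:09:03Z", "eventSource": "ec2.amazonaws.com",
         "eventName": "DescribeInstances", "awsRegion": "us-east-1",
         "sourceIPAddress": "198.51.100.7",
         "userIdentity": {"type": "IAMUser", "userName": "alice"}},
    ]
}
SAMPLE_GZ = gzip.compress(json.dumps(SAMPLE_RECORDS).encode("utf-8"))

# Assumed list of calls that change who can reach or control resources; tune per account.
SENSITIVE_CALLS = {"AuthorizeSecurityGroupIngress", "CreateUser",
                   "PutUserPolicy", "StopLogging"}

def load_records(gz_bytes):
    """Decompress one CloudTrail log file and return its list of event records."""
    with gzip.open(io.BytesIO(gz_bytes), "rt", encoding="utf-8") as fh:
        return json.load(fh).get("Records", [])

def review_records(records):
    """Return (reason, summary) pairs for records an admin should look at."""
    findings = []
    for r in records:
        who = r.get("userIdentity", {})
        actor = who.get("userName") or who.get("type", "unknown")
        summary = f"{r['eventTime']} {actor}@{r.get('sourceIPAddress')} {r['eventName']}"
        if who.get("type") == "Root":                 # root should almost never call the API
            findings.append(("root account used", summary))
        if r.get("errorCode") == "AccessDenied":      # a denied call hints at probing or misconfig
            findings.append(("access denied", summary))
        if r["eventName"] in SENSITIVE_CALLS:         # review every privilege/network change
            findings.append(("sensitive change", summary))
    return findings

if __name__ == "__main__":
    for reason, summary in review_records(load_records(SAMPLE_GZ)):
        print(f"[{reason}] {summary}")
```

Against a real trail, you would feed the bytes of each S3 object into load_records as the SNS notification announces it.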

CloudTrail is currently in beta and is only supported in the US East (Northern Virginia) region and the US West (Oregon) region.

The next part in my Amazon cloud series covers the AWS content distribution services CloudFront, CloudSearch, Elastic Transcoder, Simple Notification Service (SNS), and the Simple Workflow (SWF).


© 4sysops 2006 - 2022