Operations | Monitoring | ITSM | DevOps | Cloud

Each November, AWS re:Invent draws thousands of AWS staff, partners, and users to Las Vegas for an intense week featuring all things AWS and AWS-related. As always, Datadog will be there and we’d love to meet you in person. Our engineers are excited to show off the new features they’ve been building and to answer your monitoring questions!

Welcome savvy builder. If you’ve made it to our corner of the Internet and headed to re:invent, you are in the right place. We want you to leave Las Vegas with the savvy to choose how and when to apply the growing menu of serverless capabilities to your initiatives. To help you, we’re sending our serverless-first engineers to Las Vegas with three goals.

I don’t know what to say about this post… I found something weird while investigating PPS on EC2. It seems to correlate with CPU credits on t1/t2/t3 instances, but is consistently inconsistent in presentation. It only shows up when you track the stats yourself, because Cloudwatch doesn’t show the 1-second granularity needed to see these numbers.

Still referencing Best Practices for Managing AWS Access Keys, best practices recommends that root access keys are never used and should be completely removed from your AWS account. Instead, IAM users with limited permissions should be used. In fact, Skeddly even prevents root access keys from being registered with Skeddly. We always recommend using IAM third-party roles, however, access keys can still be used. And we only allow IAM user access keys to be registered.

While benchmarking packets per second (PPS) in AWS EC2 and searching for hard-coded or other software-based limitations, my early findings suggested that there definitely was a credit mechanism, complete with network throttling, in place. I now know that to be false, since finding the guaranteed throughput / best effort mechanic.

We have read with great interest the recently released The New Stack ebook entitled: Guide to Serverless Technologies. It is a great report with great insights! We encourage you to read it as well (it's free!). We have recently closed our own survey and are tabulating the results and have seen many similarities and some differences in the responses. Weighing in on the findings of the New Stack survey in advance of releasing our report, we wanted to comment on three key themes from this eBook…

According to Best Practices for Managing AWS Access Keys, if you must utilize IAM access keys, it is best to remove or disable unused keys. This will close possible security holes in your AWS account. Today, we’re happy to announce a new action to help with this task: Disable Unused IAM Access Keys. This new action will iterate through the IAM users in your AWS account, determine when any access keys were last used, and if they were not used inside a configurable threshold, disable the keys.

We are very excited to announce a new capability for our Amazon S3 sources. Until recently, the only method Sumo Logic used for discovering new data in an S3 bucket was periodic polling. However, with our new notification-based approach, users can now configure S3 sources such that Sumo Logic is notified immediately (via AWS SNS) whenever a new item is added to an S3 bucket, eliminating the need to wait for new objects to be discovered via periodic polling.

We’re excited to announce the general availability of our new On-Prem, Self-Hosted, and Multi-Cloud logging platforms. Our customers will have the capability to log data in their infrastructure of choice. Whether across multiple public/private clouds or within a customer’s own data center, logs can be viewed through a unified interface while addressing any data locality and performance requirements.

As Cota Healthcare moved to Kubernetes on Google Cloud, it chose Sysdig for Kubernetes monitoring and container security. With Sysdig, Cota accelerates healthcare service development, improves capacity planning, fixes issues rapidly, and strengthens its security posture.