AWS CloudWatch Cheatsheet

Top commands.

Overview

The CloudWatch CLI cheatsheet captures the patterns operators actually use during AWS metrics, logs, and alarms investigation. Fluency at CloudWatch shortens incident response and replaces hand-rolled scripts with the platform’s native primitives.

• Top commands. get-metric-data, describe-alarms, filter-log-events; the three that cover most investigation paths.
• Metric Math. Compute metrics from other metrics; the alternative is custom code in a Lambda; reduce moving parts.
• Logs Insights. SQL-like log query language; replaces ad-hoc grep across log streams; supports investigation at scale.
• Composite alarms. Combine alarm states with AND/OR logic; reduces alert fatigue by routing only the meaningful combinations.

The approach

The practical approach: get-metric-data for time-series queries, Logs Insights for investigation, composite alarms for routing. The team’s discipline produces fast investigation without custom tooling.

• get-metric-data. Time-series metric query with Metric Math; cheap, scriptable, replaces dashboard screenshots.
• filter-log-events. Log query for known patterns; first call when an alert names a specific log line.
• start-query (Logs Insights). SQL-like query; supports aggregation, filtering, time-binning across log streams.
• Composite alarms. Combine state across alarms; "high error rate AND high latency" reduces noise vs either alone.
• Document the queries. Per-investigation queries committed to the runbook; the next incident starts from precedent.

Why this compounds

CloudWatch fluency compounds across investigations. Each query teaches an AWS observability pattern; investigation expertise accrues; cost-per-question falls as the team’s muscle grows.

• Faster investigation. Fluent CloudWatch produces fast root cause; queries return in seconds, not minutes.
• Better observability. Right queries reveal real patterns; the platform’s primitives beat hand-rolled abstractions.
• Reduced alert fatigue. Composite alarms produce signal not noise; on-call trust is preserved.
• Institutional knowledge. Each query teaches AWS APIs; the team’s observability muscle grows.

CloudWatch fluency is an operational discipline that pays off across years. Nova AI Ops integrates with CloudWatch telemetry, surfaces patterns, and supports the team’s observability discipline.