What are CloudWatch custom metrics, and how do you publish them?
AWS · Intermediate level
Answer
Custom CloudWatch metrics are application or business metrics that AWS does not emit by default. I publish them through SDK/CLI, CloudWatch Agent, or embedded metric format, and use them for SLOs, alarms, dashboards, and scaling.
Technical explanation
Avoid high-cardinality custom metric dimensions such as userId because they can create high cost and noisy dashboards.
Observability should answer symptoms, cause, scope, and owner: metrics show trends and alerts, logs provide context, traces connect calls, and audit logs attribute changes.
Alert only on actionable conditions such as user impact, fast SLO burn, saturation, unhealthy capacity, or security-sensitive changes.
Centralize retention and access policies so operational debugging and audit investigations are possible without exposing sensitive logs unnecessarily.
Hands-on example
1. Enable the relevant telemetry source: CloudWatch metrics/logs, CloudTrail, Config, ALB logs, VPC Flow Logs, or application structured logs.
2. Create a dashboard and one actionable alarm tied to user impact or security risk.
3. Trigger a controlled change or failure and verify that the signal appears with enough context to identify owner and root cause.
4. Document the query, dashboard link, alarm routing, and runbook action.
Check how well your resume matches the role with our free resume checker— match score, ATS check, and the skills you're missing.
More AWS interview questions
- What is the AWS shared responsibility model, and where is the line between AWS and the customer?
- Explain the difference between a Region, an Availability Zone, and an Edge Location.
- What is a VPC, and what are its core components (subnets, route tables, IGW, NAT)?
- Difference between a public and a private subnet, and how does each reach the internet?
- What is the difference between a Security Group and a Network ACL?
- Are Security Groups stateful or stateless? What about NACLs?
- What is an Internet Gateway versus a NAT Gateway, and when do you need each?
- How does a NAT Gateway differ from a NAT instance?