Which strategy should a solutions architect use to meet these requirements?
A. Configure CloudTrail and VPC Flow Logs in each AWS account to send data to a centralized Amazon S3 bucket in the logging account. Create an AWS Lambda function to load data from the S3 bucket into Amazon ES in the logging account.
B. Configure CloudTrail and VPC Flow Logs to send data to a log group in Amazon CloudWatch Logs in each AWS account. Configure a CloudWatch Logs subscription filter in each AWS account to send data to Amazon Kinesis Data Firehose in the logging account. Load data from Kinesis Data Firehose into Amazon ES in the logging account.
C. Configure CloudTrail and VPC Flow Logs to send data to a separate Amazon S3 bucket in each AWS account. Create an AWS Lambda function triggered by S3 events to copy the data to a centralized logging bucket. Create another Lambda function to load data from the S3 bucket into Amazon ES in the logging account.
D. Configure CloudTrail and VPC Flow Logs to send data to a log group in Amazon CloudWatch Logs in each AWS account. Create AWS Lambda functions in each AWS account to subscribe to the log groups and stream the data to an Amazon S3 bucket in the logging account. Create another Lambda function to load data from the S3 bucket into Amazon ES in the logging account.
Explanations:
A. This option centralizes the logs in an S3 bucket but does not provide a near-real-time analysis solution. The batch process of loading data from S3 into Amazon ES introduces delays, making it unsuitable for near-real-time analysis.
B. This option uses CloudWatch Logs to aggregate logs and a subscription filter to send them to Kinesis Data Firehose, which delivers data to Amazon ES in near real time. This architecture meets both requirements: near-real-time analysis and centralization of logs from multiple AWS accounts in the logging account.
C. While this option eventually centralizes the logs in S3, it adds unnecessary complexity by maintaining a separate S3 bucket in each account plus a copy step. The delay in processing logs from S3 into Amazon ES also fails to meet the near-real-time requirement.
D. This option does use CloudWatch Logs but requires multiple Lambda functions to stream logs to S3, which can introduce latency. Having to land the logs in S3 before loading them into Amazon ES means it does not fully support near-real-time analysis, making it less efficient than option B.