Which solution will accomplish this with the LEAST amount of effort?

By:
On:
In: SOA-C01
Tagged:
With: 0 Comments
A company in a highly regulated industry has just migrated an Amazon EC2 based application to AWS.For compliance reasons, all network traffic data between the servers must be captured and retained.

Which solution will accomplish this with the LEAST amount of effort?

Set up AWS CloudTrail on the VPC. Configure Amazon CloudWatch Logs as the destination.

Set up AWS CloudTrail on the VPC. Configure Amazon S3 as the destination.

Set up flow logs at the elastic network interface level. Configure Amazon S3 as the destination.

Set up flow logs at the VPC level. Configure Amazon S3 as the destination.

Explanations:

AWS CloudTrail logs API activity, not network traffic. This doesn’t capture network traffic data.

AWS CloudTrail logs API activity, not network traffic. Also, CloudTrail logs are not ideal for traffic data capture.

Flow logs at the elastic network interface level capture traffic at a specific interface, not across the entire VPC.

Flow logs at the VPC level capture all network traffic data between instances, and can be stored in Amazon S3 for retention.

Leave a Reply

Your email address will not be published. Required fields are marked *

6 − 3 =