What should a solutions architect do to meet these requirements when configuring the logs?
Use Amazon CloudWatch as the target. Set the CloudWatch log group with an expiration of 90 days.
Use Amazon Kinesis as the target. Configure the Kinesis stream to always retain the logs for 90 days.
Use AWS CloudTrail as the target. Configure CloudTrail to save to an Amazon S3 bucket, and enable S3 Intelligent-Tiering.
Use Amazon S3 as the target. Enable an S3 Lifecycle policy to transition the logs to S3 Standard-Infrequent Access (S3 Standard-IA) after 90 days.
Explanations:
While Amazon CloudWatch can be used for logging, setting an expiration of 90 days would not fulfill the requirement of frequent access for the first 90 days followed by intermittent access, because the logs are deleted once they expire. CloudWatch Logs does not support lifecycle policies to transition data to lower-cost storage options, making it unsuitable for long-term retention and cost management.
Amazon Kinesis is primarily used for real-time data streaming and processing, not for long-term log storage. Although it can retain logs for a configurable duration, it does not provide an efficient way to manage costs associated with long-term storage, and accessing logs from Kinesis would not align with the requirement for periodic access.
AWS CloudTrail is used for logging API calls and events rather than capturing network traffic. While it can be configured to save logs to an S3 bucket and S3 Intelligent-Tiering could help manage costs, it does not meet the requirement for capturing VPC Flow Logs specifically.
Using Amazon S3 as the target for VPC Flow Logs allows for long-term storage, and enabling an S3 Lifecycle policy to transition logs to S3 Standard-IA after 90 days meets the requirement for frequent access initially and intermittent access thereafter. This option is cost-effective and suitable for managing log retention efficiently.