Which combination of steps should a DevOps engineer take to meet these requirements?
(Choose two.)
Configure a CloudWatch Logs subscription filter to use AWS Glue to transfer all logs to an S3 bucket.
Configure a CloudWatch Logs subscription filter to use Amazon Kinesis Data Firehose to stream all logs to an S3 bucket.
Configure a CloudWatch Logs subscription filter to stream all logs to an S3 bucket.
Configure the S3 bucket lifecycle policy to transition logs to S3 Glacier after 90 days and to expire logs after 3.650 days.
Configure the S3 bucket lifecycle policy to transition logs to Reduced Redundancy after 90 days and to expire logs after 3.650 days.
Explanations:
AWS Glue is primarily used for data transformation and ETL (extract, transform, load) tasks, and is not typically used for direct log transfer from CloudWatch Logs to S3. A subscription filter with AWS Glue does not address the requirement for archiving logs effectively.
Using a CloudWatch Logs subscription filter with Amazon Kinesis Data Firehose allows real-time streaming of logs to an S3 bucket. This is a suitable method for capturing logs and ensuring they are archived in S3.
While a CloudWatch Logs subscription filter can stream logs, it must be integrated with a service like Kinesis Data Firehose or AWS Lambda to transfer logs to S3. Without such integration, this option alone does not specify how logs will be sent to S3, making it incorrect.
Configuring an S3 bucket lifecycle policy to transition logs to S3 Glacier after 90 days ensures that the logs are archived cost-effectively and meet the retention requirement of 10 years, with expiration set for 3,650 days (10 years).
Transitioning logs to Reduced Redundancy Storage (RRS) does not provide the same level of durability as standard S3 or Glacier. Additionally, RRS is not intended for archiving purposes, making this option unsuitable for long-term retention of logs.