Which combination of steps should the solutions architect take to meet the requirements?
(Choose three.)
Create a destination Amazon Kinesis data stream in the central logging account.
Create a destination Amazon Simple Queue Service (Amazon SQS) queue in the central logging account.
Create an IAM role that grants Amazon CloudWatch Logs the permission to add data to the Amazon Kinesis data stream. Create a trust policy. Specify the trust policy in the IAM role. In each member account, create a subscription filter for each log group to send data to the Kinesis data stream.
Create an IAM role that grants Amazon CloudWatch Logs the permission to add data to the Amazon Simple Queue Service (Amazon SQS) queue. Create a trust policy. Specify the trust policy in the IAM role. In each member account, create a single subscription filter for all log groups to send data to the SQS queue.
Create an AWS Lambda function. Program the Lambda function to normalize the logs in the central logging account and to write the logs to the security tool.
Create an AWS Lambda function. Program the Lambda function to normalize the logs in the member accounts and to write the logs to the security tool.
Explanations:
Creating a destination Amazon Kinesis data stream in the central logging account gives a single, scalable ingestion point for log data from many accounts. Kinesis Data Streams is built for high-volume, ordered streaming data, and it is one of the destinations that CloudWatch Logs subscription filters can deliver to across accounts, so it fits real-time centralized log processing.
An Amazon Simple Queue Service (Amazon SQS) queue is not a supported destination for CloudWatch Logs subscription filters; subscription filters deliver only to Kinesis Data Streams, Amazon Data Firehose, or Lambda, so the queue could not receive the logs directly. Even setting that aside, SQS is a message queue for decoupling producers from consumers, not a streaming service for continuous, ordered log data that must be processed in near real time.
Creating an IAM role in the central logging account that allows the CloudWatch Logs service to put records into the Kinesis data stream, with a trust policy that names the CloudWatch Logs service principal, lets member accounts forward log data without sharing any long-lived credentials. The stream is exposed to the member accounts through a CloudWatch Logs destination whose access policy lists the accounts allowed to subscribe, and each member account then creates a subscription filter per log group that points at that destination, so every relevant log event is forwarded to the Kinesis stream for centralized processing.
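The three policy documents behind option C, as an added example that is not part of the original question or its explanation. The region, account IDs, stream name and destination name are placeholders; the helper that flags wildcard actions, wildcard resources and unconditioned service trust is this example's own check, not an AWS API.

```python
"""Central-account IAM pieces for a cross-account CloudWatch Logs -> Kinesis subscription.
Added example (not from the page); account IDs, region and resource names are placeholders."""
import json

REGION = "us-east-1"                                  # assumed region
CENTRAL_ACCOUNT = "111111111111"                      # assumed central logging account
MEMBER_ACCOUNTS = ["222222222222", "333333333333"]     # assumed member accounts
STREAM_NAME = "central-security-logs"                  # assumed Kinesis stream name
DESTINATION_NAME = "central-logs-destination"          # assumed CloudWatch Logs destination name

STREAM_ARN = f"arn:aws:kinesis:{REGION}:{CENTRAL_ACCOUNT}:stream/{STREAM_NAME}"
DESTINATION_ARN = f"arn:aws:logs:{REGION}:{CENTRAL_ACCOUNT}:destination:{DESTINATION_NAME}"


def role_trust_policy():
    """Who may assume the role: only the CloudWatch Logs service, and only while it acts
    for log groups in the listed accounts. The aws:SourceArn condition stops an unrelated
    account from using the service as a confused deputy to write into the stream."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"Service": "logs.amazonaws.com"},
            "Action": "sts:AssumeRole",
            "Condition": {"StringLike": {"aws:SourceArn": [
                f"arn:aws:logs:{REGION}:{acct}:*" for acct in [CENTRAL_ACCOUNT, *MEMBER_ACCOUNTS]
            ]}},
        }],
    }


def role_permissions_policy():
    """What the role may do: put records into this one stream, nothing else."""
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow", "Action": "kinesis:PutRecord", "Resource": STREAM_ARN}]}


def destination_access_policy():
    """Which member accounts may attach subscription filters to the destination."""
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow",
        "Principal": {"AWS": MEMBER_ACCOUNTS},
        "Action": "logs:PutSubscriptionFilter",
        "Resource": DESTINATION_ARN}]}


def least_privilege_findings(policy):
    """Example check (not an AWS API): flag wildcard actions or resources and any
    service-principal trust statement that carries no Condition."""
    findings = []
    for i, st in enumerate(policy["Statement"]):
        actions = st.get("Action", [])
        actions = [actions] if isinstance(actions, str) else actions
        resources = st.get("Resource", [])
        resources = [resources] if isinstance(resources, str) else resources
        if any(a == "*" or a.endswith(":*") for a in actions):
            findings.append(f"statement {i}: wildcard action")
        if any(r == "*" for r in resources):
            findings.append(f"statement {i}: wildcard resource")
        principal = st.get("Principal", {})
        if isinstance(principal, dict) and "Service" in principal and "Condition" not in st:
            findings.append(f"statement {i}: service trust without condition")
    return findings


def as_json(policy):
    """Serialize for the CLI or a template."""
    return json.dumps(policy, indent=2)


if __name__ == "__main__":
    for name, pol in [("trust", role_trust_policy()),
                      ("permissions", role_permissions_policy()),
                      ("destination", destination_access_policy())]:
        print(name, least_privilege_findings(pol) or "ok")
        print(as_json(pol))
```

The trust and permissions documents go to the role (`aws iam create-role --assume-role-policy-document` and `aws iam put-role-policy`), the role and stream ARN go to `aws logs put-destination`, and the access policy goes to `aws logs put-destination-policy`; each member account then runs `aws logs put-subscription-filter --destination-arn` against the destination ARN for every log group it wants forwarded.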
This option fails for the same reason as option B: CloudWatch Logs subscription filters cannot deliver to an SQS queue, so no IAM role or trust policy can make that path work. The decisive error is the destination, not the number of filters; once the destination is unsupported, how the filters are grouped across log groups does not matter.
An AWS Lambda function in the central logging account can consume the Kinesis data stream through an event source mapping, normalize the logs, and forward them to the security tool. Each Kinesis record carries a base64-encoded, gzip-compressed JSON document from CloudWatch Logs that identifies the source account, log group and log stream and contains the batch of log events, which is exactly the structure a normalizer needs to turn multi-account logs into a consistent schema before handing them to the tool.
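A normalizer of the kind option E describes, as an added example that is not from the original question or its explanation. It decodes the record format CloudWatch Logs writes into a Kinesis stream, skips the control messages CloudWatch Logs sends when a subscription is created, flattens each event with its source account and log group, and hands batches to a sink. The sample payloads are constructed, and the `send_to_security_tool` sink is a placeholder that collects events in a list instead of calling a real tool.

```python
"""Kinesis-consumer Lambda that normalizes CloudWatch Logs subscription records.
Added example, not from the page; the security-tool sink is a placeholder."""
import base64
import gzip
import json
from datetime import datetime, timezone

# Constructed sample: one batch as CloudWatch Logs writes it into the Kinesis stream.
SAMPLE_DATA_PAYLOAD = {
    "messageType": "DATA_MESSAGE",
    "owner": "222222222222",                 # member account that produced the logs
    "logGroup": "/aws/lambda/orders-api",
    "logStream": "2024/01/01/[$LATEST]0a1b2c",
    "subscriptionFilters": ["to-central-kinesis"],
    "logEvents": [
        {"id": "1", "timestamp": 1704067200000, "message": "START RequestId: 9f2e"},
        {"id": "2", "timestamp": 1704067201000,
         "message": json.dumps({"level": "WARN", "msg": "login failed", "user": "alice"})},
    ],
}
# Constructed sample: the control message CloudWatch Logs emits when a subscription is created.
SAMPLE_CONTROL_PAYLOAD = {
    "messageType": "CONTROL_MESSAGE", "owner": "CloudwatchLogs",
    "logGroup": "", "logStream": "", "subscriptionFilters": [],
    "logEvents": [{"id": "", "timestamp": 1704067199000,
                   "message": "CWL CONTROL MESSAGE: Checking health of destination Kinesis stream."}],
}


def make_kinesis_event(payloads):
    """Wrap payloads the way Lambda receives them from a Kinesis event source mapping:
    CloudWatch Logs gzips the JSON, and Kinesis hands Lambda the bytes base64-encoded."""
    records = []
    for p in payloads:
        raw = gzip.compress(json.dumps(p).encode())
        records.append({"eventSource": "aws:kinesis",
                        "kinesis": {"data": base64.b64encode(raw).decode()}})
    return {"Records": records}


def decode_record(record):
    """base64 -> gzip -> JSON, the inverse of what CloudWatch Logs and Kinesis did."""
    raw = base64.b64decode(record["kinesis"]["data"])
    return json.loads(gzip.decompress(raw))


def normalize(payload):
    """Flatten one batch into events that carry their origin; JSON messages also get
    their parsed fields so the security tool can search on them."""
    if payload.get("messageType") != "DATA_MESSAGE":
        return []
    events = []
    for ev in payload["logEvents"]:
        ts = datetime.fromtimestamp(ev["timestamp"] / 1000, tz=timezone.utc)
        item = {
            "source_account": payload["owner"],
            "log_group": payload["logGroup"],
            "log_stream": payload["logStream"],
            "event_id": ev["id"],
            "timestamp": ts.isoformat(),
            "message": ev["message"],
        }
        try:
            parsed = json.loads(ev["message"])
            if isinstance(parsed, dict):
                item["fields"] = parsed
        except ValueError:            # plain-text line, keep message only
            pass
        events.append(item)
    return events


DELIVERED = []  # placeholder store standing in for the security tool


def send_to_security_tool(events):
    """Placeholder sink; a real deployment would call the tool's ingestion API here."""
    DELIVERED.extend(events)


def handler(event, context, sink=send_to_security_tool):
    """Lambda entry point for the Kinesis event source mapping."""
    stats = {"records": 0, "events": 0, "control_messages": 0}
    batch = []
    for record in event["Records"]:
        stats["records"] += 1
        payload = decode_record(record)
        if payload.get("messageType") == "CONTROL_MESSAGE":
            stats["control_messages"] += 1
            continue
        batch.extend(normalize(payload))
    if batch:
        sink(batch)
    stats["events"] = len(batch)
    return stats


if __name__ == "__main__":
    print(handler(make_kinesis_event([SAMPLE_DATA_PAYLOAD, SAMPLE_CONTROL_PAYLOAD]), None))
    print(json.dumps(DELIVERED, indent=2))
```

Because the `owner`, `logGroup` and `logStream` fields come from CloudWatch Logs rather than from the log line itself, the normalized event attributes every message to the member account that produced it, which is what makes the central account's copy trustworthy for the security tool.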
Normalizing logs in the member accounts with a Lambda function works against centralizing log processing: the same function, its dependencies and the security tool's credentials would have to be deployed and maintained in every member account, and any change to the normalization logic would have to be rolled out everywhere. Processing in the central logging account keeps one copy of the logic and one integration with the security tool.