Which set of actions will ensure that log files are copied to the central S3 bucket from the terminated EC2 instances?

By:
On:
In: SAP-C01
Tagged:
With: 0 Comments
A company is running an application on several Amazon EC2 instances in an Auto Scaling group behind an Application Load Balancer.The load on the application varies throughout the day, and EC2 instances are scaled in and out on a regular basis.Log files from the EC2 instances are copied to a centralAmazon S3 bucket every 15 minutes.The security team discovers that log files are missing from some of the terminated EC2 instances.

Which set of actions will ensure that log files are copied to the central S3 bucket from the terminated EC2 instances?

Create a script to copy log files to Amazon S3, and store the script in a file on the EC2 instance. Create an Auto Scaling lifecycle hook and an Amazon EventBridge (Amazon CloudWatch Events) rule to detect lifecycle events from the Auto Scaling group. Invoke an AWS Lambda function on the autoscaling:EC2_INSTANCE_TERMINATING transition to send ABANDON to the Auto Scaling group to prevent termination, run the script to copy the log files, and terminate the instance using the AWS SDK.

Create an AWS Systems Manager document with a script to copy log files to Amazon S3. Create an Auto Scaling lifecycle hook and an Amazon EventBridge (Amazon CloudWatch Events) rule to detect lifecycle events from the Auto Scaling group. Invoke an AWS Lambda function on the autoscaling:EC2_INSTANCE_TERMINATING transition to call the AWS Systems Manager API SendCommand operation to run the document to copy the log files and send CONTINUE to the Auto Scaling group to terminate the instance.

Change the log delivery rate to every 5 minutes. Create a script to copy log files to Amazon S3, and add the script to EC2 instance user data. Create an Amazon EventBridge (Amazon CloudWatch Events) rule to detect EC2 instance termination. Invoke an AWS Lambda function from the EventBridge (CloudWatch Events) rule that uses the AWS CLI to run the user-data script to copy the log files and terminate the instance.

Create an AWS Systems Manager document with a script to copy log files to Amazon S3. Create an Auto Scaling lifecycle hook that publishes a message to an Amazon Simple Notification Service (Amazon SNS) topic. From the SNS notification, call the AWS Systems Manager API SendCommand operation to run the document to copy the log files and send ABANDON to the Auto Scaling group to terminate the instance.

Explanations:

This option uses theABANDONaction to prevent instance termination until logs are copied, but it also incorrectly states to terminate the instance manually using the AWS SDK. It would complicate the automation process, as the Auto Scaling group should handle instance termination.

This option correctly uses an Auto Scaling lifecycle hook to delay termination and calls an AWS Systems Manager document viaSendCommandto copy log files before termination. By sendingCONTINUEafter log transfer, it ensures seamless termination by the Auto Scaling group.

This option relies on detecting instance termination with an EventBridge rule and attempts to run a user-data script. However, it is unreliable since instance termination events may not provide sufficient time to trigger and complete log transfers before the instance is terminated.

This option sends anABANDONsignal after copying logs, which prevents the Auto Scaling group from properly terminating the instance. UsingABANDONmeans the instance will not enter the termination process, potentially leading to unnecessary costs and instance retention issues.

Leave a Reply

Your email address will not be published. Required fields are marked *

three × 3 =