Which solution will meet these requirements?

By:
On:
In: SAP-C01
Tagged:
With: 0 Comments
A company deploys a new web application.As part of the setup, the company configures AWS WAF to log to Amazon S3 through Amazon Kinesis Data Firehose.The company develops an Amazon Athena query that runs once daily to return AWS WAF log data from the previous 24 hours.The volume of daily logs is constant.However, over time, the same query is taking more time to run.A solutions architect needs to design a solution to prevent the query time from continuing to increase.The solution must minimize operational overhead.

Which solution will meet these requirements?

Create an AWS Lambda function that consolidates each days AWS WAF logs into one log file.

Reduce the amount of data scanned by configuring AWS WAF to send logs to a different S3 bucket each day.

Update the Kinesis Data Firehose configuration to partition the data in Amazon S3 by date and time. Create external tables for Amazon Redshift. Configure Amazon Redshift Spectrum to query the data source.

Modify the Kinesis Data Firehose configuration and Athena table definition to partition the data by date and time. Change the Athena query to view the relevant partitions.

Explanations:

While consolidating AWS WAF logs into a single log file might simplify data management, it does not address the underlying issue of increasing query times. The Athena query performance will still degrade over time if the amount of data continues to grow, regardless of how the logs are consolidated. This option adds complexity and operational overhead without effectively solving the problem.

Sending logs to a different S3 bucket each day does not reduce the overall volume of data being scanned by Athena. It merely changes the location of the logs. Athena queries still need to scan all relevant data to return results, so this approach will not improve query performance over time.

Although partitioning the data in S3 by date and time would help improve query performance by reducing the amount of data scanned, creating external tables for Amazon Redshift and using Redshift Spectrum adds unnecessary complexity and operational overhead. This solution requires managing both Athena and Redshift, which may not be needed in this context.

Modifying the Kinesis Data Firehose configuration and the Athena table definition to partition the data by date and time is an effective solution. This approach allows Athena to read only the relevant partitions when executing queries, thus reducing the amount of data scanned and improving query performance. It also minimizes operational overhead, as it maintains a straightforward architecture while addressing the performance issue.

Leave a Reply

Your email address will not be published. Required fields are marked *

four × five =