Which solution will meet these requirements with the LARGEST performance improvement?

By:
In: SAP-C02
Tagged:
With: 1 Comment
A company deploys workloads in multiple AWS accounts.Each account has a VPC with VPC flow logs published in text log format to a centralized Amazon S3 bucket.Each log file is compressed with gzip compression.The company must retain the log files indefinitely.A security engineer occasionally analyzes the logs by using Amazon Athena to query the VPC flow logs.The query performance is degrading over time as the number of ingested logs is growing.A solutions architect must improve the performance of the log analysis and reduce the storage space that the VPC flow logs use.

Which solution will meet these requirements with the LARGEST performance improvement?

Create an AWS Lambda function to decompress the gzip files and to compress the files with bzip2 compression. Subscribe the Lambda function to an s3:ObjectCreated:Put S3 event notification for the S3 bucket.

Enable S3 Transfer Acceleration for the S3 bucket. Create an S3 Lifecycle configuration to move files to the S3 Intelligent-Tiering storage class as soon as the files are uploaded.

Update the VPC flow log configuration to store the files in Apache Parquet format. Specify hourly partitions for the log files.

Create a new Athena workgroup without data usage control limits. Use Athena engine version 2.

Explanations:

While bzip2 compression may provide better compression ratios compared to gzip, simply changing the compression format will not significantly improve query performance in Athena or reduce storage costs effectively. The focus should be on optimizing the data format for query efficiency rather than just compression.

Enabling S3 Transfer Acceleration and moving files to the S3 Intelligent-Tiering storage class improves upload speed and storage cost efficiency but does not address the performance degradation of querying VPC flow logs in Athena. The primary issue lies in the query performance due to the volume of logs, not in data transfer speed or storage class.

Updating the VPC flow log configuration to store the logs in Apache Parquet format will significantly improve query performance in Athena. Parquet is a columnar storage format that is optimized for read performance, reducing the amount of data scanned during queries. Hourly partitions further enhance performance by enabling more efficient query filtering and reducing the data that needs to be read. This approach also helps with storage optimization, as Parquet files are generally smaller than their text log counterparts.

Creating a new Athena workgroup without data usage control limits and using Athena engine version 2 may improve performance due to engine enhancements, but it does not address the fundamental issue of data format and storage efficiency. Query performance is more effectively improved through data format optimization (like Parquet) rather than just engine versioning or workgroup settings.

2025-10-12

1 Comment

  1. Abigail
    Author

    I rank that the answer is:
    Update the VPC flow log configuration to store the files in Apache Parquet format. Specify hourly partitions for the log files.

Leave a Reply

Your email address will not be published. Required fields are marked *

3 × two =