Which solution will meet this requirement?
Log in to each account four times a day. Filter the required CloudWatch Logs data. Copy and paste the logs into an Amazon S3 bucket that is in the security engineer’s account.
Set up CloudWatch Logs Insights in each account. Use CloudWatch Logs subscriptions to send the CloudWatch Logs Insights query results to the security engineer’s account.
Set up an AWS Config aggregator to collect AWS configuration data from multiple sources. View the aggregator data from the security engineer’s account.
Set up Amazon CloudWatch cross-account log data sharing with subscriptions in each account. Send the logs to an Amazon Kinesis Data Firehose stream in the security engineer’s account.
Explanations:
Logging in multiple times per day and manually copying and pasting logs into an S3 bucket is inefficient, error-prone, and does not provide real-time log aggregation.
CloudWatch Logs Insights queries are for analyzing logs, but they are not designed for aggregating logs across multiple accounts. Also, CloudWatch Logs subscriptions send log data, not query results.
AWS Config is used for configuration management and compliance monitoring, not for aggregating CloudWatch Logs. It does not support log aggregation.
Amazon CloudWatch cross-account log data sharing with subscriptions allows logs from multiple accounts to be sent to a centralized location (such as Kinesis Data Firehose), enabling near real-time analysis.
To the best of my knowledge, the answer is:
Set up Amazon CloudWatch cross-account log data sharing with subscriptions in each account. Send the logs to an Amazon Kinesis Data Firehose stream in the security engineer’s account.