A company is setting up a centralized logging solution on AWS and has several requirements. The company wants its Amazon CloudWatch Logs and VPC Flow logs to come from different sub accounts and to be delivered to a single auditing account. However, the number of sub accounts keeps changing. The company also needs to index the logs in the auditing account to gather actionable insight.
How should a DevOps Engineer implement the solution to meet all of the company’s requirements?
A. Use AWS Lambda to write logs to Amazon ES in the auditing account. Create an Amazon CloudWatch subscription filter and use Amazon Kinesis Data Streams in the sub accounts to stream the logs to the Lambda function deployed in the auditing account.
B. Use Amazon Kinesis Streams to write logs to Amazon ES in the auditing account. Create a CloudWatch subscription filter and use Kinesis Data Streams in the sub accounts to stream the logs to the Kinesis stream in the auditing account.
C. Use Amazon Kinesis Firehose with Kinesis Data Streams to write logs to Amazon ES in the auditing account. Create a CloudWatch subscription filter and stream logs from sub accounts to the Kinesis stream in the auditing account.
D. Use AWS Lambda to write logs to Amazon ES in the auditing account. Create a CloudWatch subscription filter and use Lambda in the sub accounts to stream the logs to the Lambda function deployed in the auditing account.
C
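Tip: Eliminate the obviously wrong options, then choose the most reasonable of the options that have no obvious error.
The requirement in this question is to set up a centralized logging solution on AWS in which Amazon CloudWatch Logs and VPC Flow logs from different sub accounts are delivered to a single auditing account. The number of sub accounts keeps changing. The company also needs to index the logs in the auditing account to gather actionable insight.
A. Incorrect. Use AWS Lambda to write logs to Amazon ES (Elasticsearch Service) in the auditing account. Create an Amazon CloudWatch subscription filter in the sub accounts and use Amazon Kinesis Data Streams to stream the logs to the Lambda function deployed in the auditing account. This option uses Lambda to write to Amazon ES. Direct integration of Lambda with ES is not standard practice, and the option also needs additional configuration to ensure that logs are delivered correctly from the sub accounts to the auditing account.
B. Incorrect. Use Amazon Kinesis Streams to write logs to Amazon ES (Elasticsearch Service) in the auditing account. Create a CloudWatch subscription filter in the sub accounts and use Kinesis Data Streams to stream the logs to the Kinesis stream in the auditing account. This design relies on Kinesis Streams as the transport for the logs, but Kinesis Streams itself does not directly support writing logs to ES. Additional steps or services are needed to move the data in Kinesis Streams into ES.
C. Correct. Use Amazon Kinesis Firehose together with Kinesis Data Streams to write logs to Amazon ES (Elasticsearch Service) in the auditing account. Create a CloudWatch subscription filter in the sub accounts and stream the logs from the sub accounts to the Kinesis stream in the auditing account. This option is reasonable. A CloudWatch Logs subscription filter can send log data to Kinesis Data Streams. Kinesis Firehose can then read the data from Kinesis Data Streams and write it directly to Amazon ES, where the logs can be indexed and searched. This architecture handles logs from multiple sub accounts flexibly, and when the number of sub accounts changes, only the subscription filter and Kinesis Firehose configuration need to be adjusted.
D. Incorrect. Use AWS Lambda to write logs to Amazon ES in the auditing account. Create a CloudWatch subscription filter in the sub accounts and use Lambda in the sub accounts to stream the logs to the Lambda function deployed in the auditing account. This option also relies on Lambda to process the logs, but Lambda is generally not the recommended way to write data directly to ES. In addition, it uses Lambda in every sub account to trigger the log transfer. That design increases the complexity and management cost of each sub account, and if there are many sub accounts this approach may not be practical.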
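
As an added illustration of option C (not part of the original question, and not AWS-provided code): each record a CloudWatch Logs subscription filter puts on the Kinesis stream is a gzip-compressed JSON envelope whose `owner` field names the source account, so the auditing side can attribute logs to sub accounts without per-account configuration. The function names, account IDs and log lines are constructed for the example, and the payload is assumed to arrive base64-encoded as it does in a Kinesis event.

```python
import base64
import gzip
import json
from collections import defaultdict


def decode_subscription_record(data_b64):
    """Turn one Kinesis record from a subscription filter into indexable docs."""
    payload = json.loads(gzip.decompress(base64.b64decode(data_b64)))
    # CloudWatch Logs also sends CONTROL_MESSAGE records to test the
    # destination; they carry no log data and must not be indexed.
    if payload.get("messageType") != "DATA_MESSAGE":
        return []
    return [
        {
            "account_id": payload["owner"],  # source (sub) account
            "log_group": payload["logGroup"],
            "log_stream": payload["logStream"],
            "event_id": event["id"],
            "timestamp_ms": event["timestamp"],
            "message": event["message"],
        }
        for event in payload["logEvents"]
    ]


def group_by_account(records_b64):
    """Group decoded docs by source account; new accounts need no config."""
    grouped = defaultdict(list)
    for record in records_b64:
        for doc in decode_subscription_record(record):
            grouped[doc["account_id"]].append(doc)
    return dict(grouped)


def make_record(owner, log_group, messages, message_type="DATA_MESSAGE"):
    """Build a constructed record in the same envelope (sample data only)."""
    payload = {
        "messageType": message_type, "owner": owner, "logGroup": log_group,
        "logStream": "constructed-stream",
        "subscriptionFilters": ["constructed-filter"],
        "logEvents": [{"id": str(i), "timestamp": 1700000000000 + i, "message": m}
                      for i, m in enumerate(messages)],
    }
    return base64.b64encode(gzip.compress(json.dumps(payload).encode())).decode()


if __name__ == "__main__":
    flow = "2 111111111111 eni-0constructed 10.0.0.5 10.0.1.9 443 49152 6 10 840 1700000000 1700000060 ACCEPT OK"
    sample = [make_record("111111111111", "/constructed/vpc-flow", [flow]),
              make_record("222222222222", "/constructed/app", ["login ok", "login failed"])]
    print({acct: len(docs) for acct, docs in group_by_account(sample).items()})
```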