A company's application uses Network Load Balancers, Auto Scaling groups, Amazon EC2 instances, and databases that are deployed in an Amazon VPC. The company wants to capture information about traffic to and from the network interfaces in near real time in its Amazon VPC. The company wants to send the information to Amazon OpenSearch Service for analysis.
Which solution will meet these requirements?
A. Create a log group in Amazon CloudWatch Logs. Configure VPC Flow Logs to send the log data to the log group. Use Amazon Kinesis Data Streams to stream the logs from the log group to OpenSearch Service.
B. Create a log group in Amazon CloudWatch Logs. Configure VPC Flow Logs to send the log data to the log group. Use Amazon Kinesis Data Firehose to stream the logs from the log group to OpenSearch Service.
C. Create a trail in AWS CloudTrail. Configure VPC Flow Logs to send the log data to the trail. Use Amazon Kinesis Data Streams to stream the logs from the trail to OpenSearch Service.
D. Create a trail in AWS CloudTrail. Configure VPC Flow Logs to send the log data to the trail. Use Amazon Kinesis Data Firehose to stream the logs from the trail to OpenSearch Service.
B
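The company needs to capture network interface traffic information in its VPC in near real time and send it to Amazon OpenSearch Service for analysis. The key is choosing the right tools for capturing and transporting the logs.
The core of this question is finding a solution that captures VPC network traffic logs and delivers them to OpenSearch Service in near real time. VPC Flow Logs can capture traffic information for the network interfaces in a VPC. To get the logs into OpenSearch Service, consider the characteristics of the log delivery service, such as whether it supports near-real-time delivery and how well it integrates with the related services.
Tip: eliminate the clearly wrong options, then choose the most reasonable of the options that remain.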
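A. Incorrect. Create a log group in Amazon CloudWatch Logs. Configure VPC Flow Logs to send the log data to the log group. Use Amazon Kinesis Data Streams to stream the logs from the log group to OpenSearch Service. Although Kinesis Data Streams can stream data in real time, once VPC Flow Logs are delivered to CloudWatch Logs, using Kinesis Data Streams to pull the logs from CloudWatch Logs and deliver them to OpenSearch Service is relatively complex and is not the most convenient approach.
B. Correct. Create a log group in Amazon CloudWatch Logs. Configure VPC Flow Logs to send the log data to the log group. Use Amazon Kinesis Data Firehose to stream the logs from the log group to OpenSearch Service. VPC Flow Logs can send log data to a log group in CloudWatch Logs. Kinesis Data Firehose can easily take the log data from CloudWatch Logs and deliver it to OpenSearch Service in near real time, which meets the requirement to capture the logs and send them to OpenSearch Service for analysis in near real time.
C. Incorrect. Create a trail in AWS CloudTrail. Configure VPC Flow Logs to send the log data to the trail. Use Amazon Kinesis Data Streams to stream the logs from the trail to OpenSearch Service. AWS CloudTrail is mainly used to record API calls and related events, not to capture traffic information for VPC network interfaces. VPC Flow Logs cannot send data to CloudTrail, so this solution is wrong.
D. Incorrect. Create a trail in AWS CloudTrail. Configure VPC Flow Logs to send the log data to the trail. Use Amazon Kinesis Data Firehose to stream the logs from the trail to OpenSearch Service. Likewise, CloudTrail is not a destination for VPC Flow Logs data, and VPC Flow Logs cannot send data to CloudTrail, so this solution is also incorrect.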
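To make the data path in option B concrete, the added example below (not part of the original question or explanation) decodes the payload a CloudWatch Logs subscription hands to a delivery-stream transformation function, which is a base64-encoded, gzip-compressed JSON batch, into one document per flow record. It assumes the default version 2 flow log format; the function names, log group name, account ID and ENI ID are constructed for illustration.

```python
import base64, gzip, json

# Field order of the default (version 2) VPC Flow Logs record format.
FIELDS = ("version account_id interface_id srcaddr dstaddr srcport dstport "
          "protocol packets bytes start end action log_status").split()
NUMERIC = {"srcport", "dstport", "protocol", "packets", "bytes", "start", "end"}

def parse_flow_line(line):
    """Turn one default-format flow log line into a dict, or None if malformed."""
    parts = line.split()
    if len(parts) != len(FIELDS):
        return None
    doc = dict(zip(FIELDS, parts))
    for key in NUMERIC:
        # NODATA / SKIPDATA records carry "-" where no value was recorded.
        doc[key] = int(doc[key]) if doc[key].isdigit() else None
    return doc

def decode_subscription_record(data_b64):
    """Unpack one CloudWatch Logs subscription payload into flow documents."""
    payload = json.loads(gzip.decompress(base64.b64decode(data_b64)))
    if payload.get("messageType") != "DATA_MESSAGE":
        return []  # CONTROL_MESSAGE: delivery health check, nothing to index
    docs = []
    for ev in payload.get("logEvents", []):
        doc = parse_flow_line(ev["message"])
        if doc is not None:
            doc["@timestamp"] = ev["timestamp"]  # epoch milliseconds
            doc["log_group"] = payload.get("logGroup")
            docs.append(doc)
    return docs

def build_sample(message_type="DATA_MESSAGE"):
    """Constructed sample payload, encoded the way the subscription delivers it."""
    eni = "eni-0123456789abcdef0"  # constructed identifier
    payload = {
        "messageType": message_type,
        "logGroup": "example-vpc-flow-logs",  # hypothetical log group name
        "logStream": eni + "-all",
        "logEvents": [
            {"id": "1", "timestamp": 1700000000000, "message":
             f"2 123456789012 {eni} 10.0.1.5 10.0.2.9 49152 5432 6 10 840 "
             "1700000000 1700000060 ACCEPT OK"},
            {"id": "2", "timestamp": 1700000060000, "message":
             f"2 123456789012 {eni} - - - - - - - 1700000060 1700000120 - NODATA"},
        ],
    }
    return base64.b64encode(gzip.compress(json.dumps(payload).encode())).decode()

if __name__ == "__main__":
    for d in decode_subscription_record(build_sample()):
        print(json.dumps(d))
```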