Question 15

Question

A company has many AWS accounts. During AWS account creation the company uses automation to
create an Amazon CloudWatch Logs log group in every AWS Region that the company operates in.
The automaton configures new resources in the accounts to publish logs to the provisioned log
groups in their Region.
The company has created a logging account to centralize the logging from all the other accounts. A
DevOps engineer needs to aggregate the log groups from all the accounts to an existing Amazon S3
bucket in the logging account.
Which solution will meet these requirements in the MOST operationally efficient manner?

Accepted Answer

In the logging account create a CloudWatch Logs destination with a destination policy for each
Region. For each new account subscribe the CloudWatch Logs log groups to the destination Configure
an Amazon Kinesis data stream and an Amazon Kinesis Data Firehose delivery stream for each Region
to deliver the logs from the CloudWatch Logs destinations to the S3 bucket.

Vikram H. · Answer

Depends if each region needs isolated flow to avoid cross-region latency. If that's the rule (which logs usually want), it's C.

Premium Access Includes

FLASH OFFER

avail 10% DISCOUNT on YOUR PURCHASE