Q: 15
A company has many AWS accounts. During AWS account creation, the company uses automation to
create an Amazon CloudWatch Logs log group in every AWS Region that the company operates in.
The automation configures new resources in the accounts to publish logs to the provisioned log
groups in their Region.
The company has created a logging account to centralize the logging from all the other accounts. A
DevOps engineer needs to aggregate the log groups from all the accounts to an existing Amazon S3
bucket in the logging account.
Which solution will meet these requirements in the MOST operationally efficient manner?
Options
Discussion
C is the way to go here. With multiple regions, AWS recommends setting up CloudWatch Log destinations and Kinesis streams per region to avoid cross-region latency and bottlenecks. This setup scales better and is more robust, especially when you have lots of accounts sending logs. Pretty sure that's what the exam wants, but correct me if anyone's seen otherwise.
Official AWS docs and practice exams both steer toward C. Region-specific Kinesis streams and Firehose for each region prevent bottlenecks and latency issues that can happen with a single centralized setup. Not 100% if there's a crazy new AWS feature, but this matches exam patterns I've seen reported. Agree?
C vs D? D is tempting but C lines up better with region isolation per the exam pattern.
I think C. The exam wants a Kinesis stream and Firehose per Region to scale and avoid cross-region lag, so D is a common trap since it’s not region-scoped. Pretty sure about this, but happy for other takes.
D imo
Depends if each region needs isolated flow to avoid cross-region latency. If that's the rule (which logs usually want), it's C.