Q64 — AWS SAP-C02 Ch.2


Q214. A company has developed a hybrid solution between its data center and AWS. The company uses Amazon VPC and Amazon EC2 instances that send application logs to Amazon CloudWatch. The EC2 instances read data from multiple relational databases that are hosted on premises. The company wants to monitor which EC2 instances are connected to the databases in near-real time. The company already has a monitoring solution that uses Splunk on premises. A solutions architect needs to determine how to send networking traffic to Splunk. How should the solutions architect meet these requirements?

Correct Answer: B. Create an Amazon Kinesis Data Firehose delivery stream with Splunk as the destination. Configure a pre-processing AWS Lambda function with a Kinesis Data Firehose stream processor that extracts individual log events from records sent by CloudWatch Logs subscription filters. Enable VPC flow logs, and send them to CloudWatch. Create a CloudWatch Logs subscription that sends log events to the Kinesis Data Firehose delivery stream.

Explanation

Option A suggests enabling VPC flow logs and sending them to CloudWatch, but does not provide an automatic way to extract EC2 instance information and send it to Splunk.

Option C suggests logging every request made to the databases along with the EC2 instance IP address and exporting the CloudWatch logs to an Amazon S3 bucket, but this approach requires manual intervention and is not near-real time.

Option D suggests sending the CloudWatch logs to an Amazon Kinesis data stream with Amazon Kinesis Data Analytics for SQL Applications to monitor networking traffic anomalies in near-real time, but this approach is not specific to obtaining information about EC2 instances connected to the databases.

Therefore, option B provides the most suitable solution by creating an Amazon Kinesis Data Firehose delivery stream with Splunk as the destination, configuring a pre-processing AWS Lambda function with a Kinesis Data Firehose stream processor that extracts individual log events from records sent by CloudWatch Logs subscription filters, enabling VPC flow logs and sending them to CloudWatch, and creating a CloudWatch Logs subscription that sends log events to the Kinesis Data Firehose delivery stream. This approach ensures near-real-time monitoring of EC2 instances connected to the databases while also providing a seamless integration with the existing Splunk monitoring solution.
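The pre-processing step in option B, sketched as an added example (not code from the original page or from AWS): a Firehose transformation handler that unpacks the gzip-compressed batches a CloudWatch Logs subscription filter delivers and emits one flow-log line per event. The record and payload field names follow the Firehose and CloudWatch Logs formats; the sample event, addresses and log group name are constructed.

```python
import base64
import gzip
import json
import zlib


def transform_record(record):
    """Expand one Firehose record (a CloudWatch Logs batch) into one line per log event."""
    rid = record["recordId"]
    try:
        payload = json.loads(gzip.decompress(base64.b64decode(record["data"])))
        kind = payload["messageType"]
        events = payload.get("logEvents", [])
    except (OSError, EOFError, ValueError, KeyError, TypeError, zlib.error):
        # Not a gzip-compressed subscription payload: let Firehose route it to its error output.
        return {"recordId": rid, "result": "ProcessingFailed", "data": record.get("data", "")}
    if kind != "DATA_MESSAGE":
        # CONTROL_MESSAGE records only test the subscription and carry no flow-log data.
        return {"recordId": rid, "result": "Dropped", "data": record["data"]}
    lines = "".join(e["message"] + "\n" for e in events)
    return {"recordId": rid, "result": "Ok", "data": base64.b64encode(lines.encode()).decode()}


def lambda_handler(event, context):
    """Firehose transformation entry point: one output record per input recordId."""
    return {"records": [transform_record(r) for r in event["records"]]}


def make_sample_event():
    """Constructed input: a two-event flow-log batch, a control message, and a corrupt record."""
    def pack(obj):
        return base64.b64encode(gzip.compress(json.dumps(obj).encode())).decode()
    flow = "2 123456789012 eni-0example {src} 192.168.10.5 49152 3306 6 10 840 1700000000 1700000060 ACCEPT OK"
    batch = {"messageType": "DATA_MESSAGE", "logGroup": "example-flow-logs",
             "logEvents": [{"id": "1", "timestamp": 1700000000000, "message": flow.format(src="10.0.1.25")},
                           {"id": "2", "timestamp": 1700000001000, "message": flow.format(src="10.0.1.31")}]}
    control = {"messageType": "CONTROL_MESSAGE", "logEvents": []}
    return {"records": [{"recordId": "r1", "data": pack(batch)},
                        {"recordId": "r2", "data": pack(control)},
                        {"recordId": "r3", "data": base64.b64encode(b"not gzip").decode()}]}


if __name__ == "__main__":
    for rec in lambda_handler(make_sample_event(), None)["records"]:
        print(rec["recordId"], rec["result"])
```

In the default flow-log format the fourth and fifth fields are the source and destination addresses, so the lines Splunk receives identify which instance interface reached which database host. Decompressed batches can be much larger than their input, so a production transform also has to respect the Lambda response size limit, which this example does not handle.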