AWS Certified Database – Specialty — Question 16

A company is using Amazon RDS for PostgreSQL. The Security team wants all database connection requests to be logged and retained for 180 days. The RDS for PostgreSQL DB instance is currently using the default parameter group. A Database Specialist has identified that setting the log_connections parameter to 1 will enable connections logging.
Which combination of steps should the Database Specialist take to meet the logging and retention requirements? (Choose two.)

Answer options

• A. Update the log_connections parameter in the default parameter group
• B. Create a custom parameter group, update the log_connections parameter, and associate the parameter with the DB instance
• C. Enable publishing of database engine logs to Amazon CloudWatch Logs and set the event expiration to 180 days
• D. Enable publishing of database engine logs to an Amazon S3 bucket and set the lifecycle policy to 180 days
• E. Connect to the RDS PostgreSQL host and update the log_connections parameter in the postgresql.conf file

Correct answer: B, C

Explanation

The correct answer is B and C. Creating a custom parameter group allows for changes to the log_connections parameter while keeping the default group intact. Enabling log publishing to Amazon CloudWatch Logs and setting the event expiration to 180 days ensures that logs are retained as required. Options A and E are incorrect because modifying the default parameter group directly is not possible, and connecting to the host to change the postgresql.conf file is not an option for RDS. Option D, while it allows for storage, does not meet the requirement for logging connection requests specifically.