AWS Certified Database – Specialty — Question 319
A company uses Amazon Aurora MySQL as the primary database engine for many of its applications. A database specialist must create a dashboard to provide the company with information about user connections to databases. According to compliance requirements, the company must retain all connection logs for at least 7 years.
Which solution will meet these requirements MOST cost-effectively?
Answer options
- A. Enable advanced auditing on the Aurora cluster to log CONNECT events. Export audit logs from Amazon CloudWatch to Amazon S3 by using an AWS Lambda function that is invoked by an Amazon EventBridge (Amazon CloudWatch Events) scheduled event. Build a dashboard by using Amazon QuickSight.
- B. Capture connection attempts to the Aurora cluster with AWS CloudTrail by using the DescribeEvents API operation. Create a CloudTrail trail to export connection logs to Amazon S3. Build a dashboard by using Amazon QuickSight.
- C. Start a database activity stream for the Aurora cluster. Push the activity records to an Amazon Kinesis data stream. Build a dynamic dashboard by using AWS Lambda.
- D. Publish the DatabaseConnections metric for the Aurora DB instances to Amazon CloudWatch. Build a dashboard by using CloudWatch dashboards.
Correct answer: A
Explanation
Enabling advanced auditing with CONNECT events makes the database log detailed connection activity. Those logs can then be exported to Amazon S3 for cheap storage over the 7-year retention period and visualized cost-effectively with Amazon QuickSight. AWS CloudTrail does not capture internal database connection events, and Database Activity Streams are too expensive for this specific use case. The DatabaseConnections metric in CloudWatch tracks only connection counts, not the detailed connection logs required for compliance.