AWS Certified Developer – Associate — Question 351

A company deploys a new application to AWS. The company is streaming application logs to Amazon CloudWatch Logs. The company’s development team must receive notification by email when the word “ERROR” appears in any log lines. A developer sets up an Amazon Simple Notification Service (Amazon SNS) topic and subscribes the development team to the topic.

What should the developer do next to meet the requirements?

Answer options

• A. Select the appropriate log group. Create a CloudWatch metric filter with “ERROR” as the search term. Create an alarm on this metric that notifies the SNS topic when the metric is 1 or higher.
• B. In CloudWatch Logs Insights, select the appropriate log group. Create a metric query to search for the term “ERROR” in the logs. Create an alarm on this metric that notifies the SNS topic when the metric is 1 or higher.
• C. Select the appropriate log group. Create an SNS subscription filter with “ERROR” as the filter pattern. Select the SNS topic as the destination.
• D. Create a CloudWatch alarm that includes “ERROR” as a filter pattern, a log group dimension that defines the appropriate log group, and a destination that notifies the SNS topic.

Correct answer: A

Explanation

To trigger an email notification via SNS when specific text appears in CloudWatch Logs, you must first define a metric filter on the log group to track occurrences of the keyword. Then, you create a CloudWatch alarm based on that custom metric that triggers when the count is 1 or greater, sending a message to the SNS topic. The other options are incorrect because CloudWatch alarms cannot directly filter log patterns without a metric filter, subscription filters are used for streaming data to destinations rather than direct alerting, and Logs Insights queries cannot be directly alarmed upon.