AWS Certified Solutions Architect – Associate (SAA-C03) — Question 638

A company's application uses Network Load Balancers, Auto Scaling groups, Amazon EC2 instances, and databases that are deployed in an Amazon VPC. The company wants to capture information about traffic to and from the network interfaces in near real time in its Amazon VPC. The company wants to send the information to Amazon OpenSearch Service for analysis.

Which solution will meet these requirements?

Answer options

• A. Create a log group in Amazon CloudWatch Logs. Configure VPC Flow Logs to send the log data to the log group. Use Amazon Kinesis Data Streams to stream the logs from the log group to OpenSearch Service.
• B. Create a log group in Amazon CloudWatch Logs. Configure VPC Flow Logs to send the log data to the log group. Use Amazon Kinesis Data Firehose to stream the logs from the log group to OpenSearch Service.
• C. Create a trail in AWS CloudTrail. Configure VPC Flow Logs to send the log data to the trail. Use Amazon Kinesis Data Streams to stream the logs from the trail to OpenSearch Service.
• D. Create a trail in AWS CloudTrail. Configure VPC Flow Logs to send the log data to the trail. Use Amazon Kinesis Data Firehose to stream the logs from the trail to OpenSearch Service.

Correct answer: B

Explanation

VPC Flow Logs can publish network traffic data directly to Amazon CloudWatch Logs or Amazon S3, but not to AWS CloudTrail, which rules out options C and D. To stream these logs from CloudWatch to Amazon OpenSearch Service in near real-time, Amazon Kinesis Data Firehose is the ideal service because it natively supports OpenSearch as a delivery destination without requiring a custom consumer application.