AWS Certified Solutions Architect – Professional (SAP-C02) — Question 280
A company uses an Amazon Aurora PostgreSQL DB cluster for applications in a single AWS Region. The company's database team must monitor all data activity on all the databases.
Which solution will achieve this goal?
Answer options
- A. Set up an AWS Database Migration Service (AWS DMS) change data capture (CDC) task. Specify the Aurora DB cluster as the source. Specify Amazon Kinesis Data Firehose as the target. Use Kinesis Data Firehose to upload the data into an Amazon OpenSearch Service cluster for further analysis.
- B. Start a database activity stream on the Aurora DB cluster to capture the activity stream in Amazon EventBridge. Define an AWS Lambda function as a target for EventBridge. Program the Lambda function to decrypt the messages from EventBridge and to publish all database activity to Amazon S3 for further analysis.
- C. Start a database activity stream on the Aurora DB cluster to push the activity stream to an Amazon Kinesis data stream. Configure Amazon Kinesis Data Firehose to consume the Kinesis data stream and to deliver the data to Amazon S3 for further analysis.
- D. Set up an AWS Database Migration Service (AWS DMS) change data capture (CDC) task. Specify the Aurora DB cluster as the source. Specify Amazon Kinesis Data Firehose as the target. Use Kinesis Data Firehose to upload the data into an Amazon Redshift cluster. Run queries on the Amazon Redshift data to determine database activities on the Aurora database.
Correct answer: C
Explanation
Amazon Aurora Database Activity Streams (DAS) provides a near-real-time stream of database activity, which it natively pushes to an Amazon Kinesis data stream. Integrating Amazon Kinesis Data Firehose to consume this data stream and store the results in Amazon S3 is the standard, scalable architecture for storing and analyzing database audit logs. Other options using AWS DMS CDC are designed for data replication rather than comprehensive activity auditing, and DAS does not natively stream directly to Amazon EventBridge.