AWS Certified Solutions Architect – Professional — Question 1018

A three-tier web application runs on Amazon EC2 instances. Cron daemons are used to trigger scripts that collect the web server, application, and database logs and send them to a centralized location every hour. Occasionally, scaling events or unplanned outages have caused the instances to stop before the latest logs were collected, and the log files were lost.
Which of the following options is the MOST reliable way of collecting and preserving the log files?

Answer options

• A. Update the cron jobs to run every 5 minutes instead of every hour to reduce the possibility of log messages being lost in an outage.
• B. Use Amazon CloudWatch Events to trigger Amazon Systems Manager Run Command to invoke the log collection scripts more frequently to reduce the possibility of log messages being lost in an outage.
• C. Use the Amazon CloudWatch Logs agent to stream log messages directly to CloudWatch Logs. Configure the agent with a batch count of 1 to reduce the possibility of log messages being lost in an outage.
• D. Use Amazon CloudWatch Events to trigger AWS Lambda to SSH into each running instance and invoke the log collection scripts more frequently to reduce the possibility of log messages being lost in an outage.

Correct answer: C

Explanation

Streaming logs in real-time using the Amazon CloudWatch Logs agent is the most reliable method because it continuously forwards log data, and setting the batch count to 1 ensures logs are sent immediately as they are generated. Other options like running cron jobs, Systems Manager Run Command, or Lambda SSH scripts more frequently still rely on periodic polling, which leaves a window of time where logs can be lost during sudden instance termination.