AWS Certified Solutions Architect – Professional — Question 633
Your customer is willing to consolidate their log streams (access logs, application logs, security logs, etc.) in one single system. Once consolidated, the customer wants to analyze these logs in real time based on heuristics. From time to time, the customer needs to validate heuristics, which requires going back to data samples extracted from the last 12 hours.
What is the best approach to meet your customer's requirements?
Answer options
- A. Send all the log events to Amazon SQS, set up an Auto Scaling group of EC2 servers to consume the logs and apply the heuristics.
- B. Send all the log events to Amazon Kinesis, develop a client process to apply heuristics on the logs.
- C. Configure Amazon CloudTrail to receive custom logs, use EMR to apply heuristics on the logs.
- D. Set up an Auto Scaling group of EC2 syslogd servers, store the logs on S3, use EMR to apply heuristics on the logs.
Correct answer: B
Explanation
Amazon Kinesis is ideal for real-time streaming data processing and natively supports a data retention period (default of 24 hours, extendable up to 7 days), making it easy to access data samples from the last 12 hours for heuristic validation. Amazon SQS does not make it easy to re-read messages that have already been processed, and storing logs in S3 for EMR processing is optimized for batch analysis rather than real-time heuristics. Amazon CloudTrail is designed for auditing AWS API calls and is not a general-purpose custom log ingestion service.