AWS Certified DevOps Engineer – Professional — Question 76

A company manages an application that stores logs in Amazon CloudWatch Logs. The company wants to archive the logs in Amazon S3. Logs are rarely accessed after 90 days and must be retained for 10 years.

Which combination of steps should a DevOps engineer take to meet these requirements? (Choose two.)

Answer options

• A. Configure a CloudWatch Logs subscription filter to use AWS Glue to transfer all logs to an S3 bucket.
• B. Configure a CloudWatch Logs subscription filter to use Amazon Kinesis Data Firehose to stream all logs to an S3 bucket.
• C. Configure a CloudWatch Logs subscription filter to stream all logs to an S3 bucket.
• D. Configure the S3 bucket lifecycle policy to transition logs to S3 Glacier after 90 days and to expire logs after 3,650 days.
• E. Configure the S3 bucket lifecycle policy to transition logs to Reduced Redundancy after 90 days and to expire logs after 3,650 days.

Correct answer: B, D

Explanation

Option B is correct because using Amazon Kinesis Data Firehose allows for real-time streaming of logs to S3, ensuring they are archived efficiently. Option D is also correct as it establishes a lifecycle policy that moves the logs to S3 Glacier for cost-effective long-term storage after 90 days and sets a retention period of 10 years. The other options either do not utilize appropriate services for log transfer or use incorrect lifecycle policies.