AWS Certified SysOps Administrator – Associate (legacy) — Question 141
A company has centralized all its logs into one Amazon CloudWatch Logs log group. The SysOps Administrator is to alert different teams of any issues relevant to them.
What is the MOST efficient approach to accomplish this?
Answer options
- A. Write an AWS Lambda function that will query the logs every minute and contain the logic of which team to notify on which patterns and issues.
- B. Set up different metric filters for each team based on patterns and alerts. Each alarm will notify the appropriate notification list.
- C. Redesign the aggregation of logs so that each team's relevant parts are sent to a separate log group, then subscribe each team to its respective log group.
- D. Create an AWS Auto Scaling group of Amazon EC2 instances that will scale based on the amount of ingested log entries. This group will pull log streams, look for patterns, and send notifications to relevant teams.
Correct answer: C
Explanation
Option C is the most efficient because it lets each team focus on the logs relevant to it, reducing noise and increasing the relevance of notifications. Option A is less efficient since it requires constant querying and complex logic. Option B, while effective, may become cumbersome if many teams are involved. Option D is overly complex and unnecessary for simply alerting teams based on log data.