AWS Certified SysOps Administrator – Associate (legacy) — Question 618

A SysOps Administrator is maintaining an application running on Amazon EBS-backed Amazon EC2 instances in an Amazon EC2 Auto Scaling group. The application is set to automatically terminate unhealthy instances. The Administrator wants to preserve application logs from these instances for future analysis.
Which action will accomplish this?

Answer options

• A. Change the storage type from EBS to instance store.
• B. Configure an Amazon CloudWatch Events rule to transfer the logs to Amazon S3 upon an EC2 state change to terminated.
• C. Configure the unified CloudWatch agent to stream the logs to Amazon CloudWatch Logs.
• D. Configure VPC Flow Logs for the subnet hosting the EC2 instance.

Correct answer: D

Explanation

Configuring VPC Flow Logs captures IP traffic flow data for the subnet hosting the EC2 instances, ensuring that network-related application logs and communication history are preserved externally even after the instances are terminated. Other options like changing to instance store would lose data upon termination, and standard CloudWatch event rules cannot retrieve local files from already terminated instances.