A company's application uses Network Load Balancers, Auto Scaling groups, Amazon EC2 instances, and databases that are deployed in an Amazon VPC. The company wants to capture information about traffic to and from the network interfaces in near real time in its Amazon VPC. The company wants to send the information to Amazon OpenSearch Service for analysis.
Which solution will meet these requirements?
A. Create a log group in Amazon CloudWatch Logs. Configure VPC Flow Logs to send the log data to the log group. Use Amazon Kinesis Data Streams to stream the logs from the log group to OpenSearch Service.
B. Create a log group in Amazon CloudWatch Logs. Configure VPC Flow Logs to send the log data to the log group. Use Amazon Kinesis Data Firehose to stream the logs from the log group to OpenSearch Service.
C. Create a trail in AWS CloudTrail. Configure VPC Flow Logs to send the log data to the trail. Use Amazon Kinesis Data Streams to stream the logs from the trail to OpenSearch Service.
D. Create a trail in AWS CloudTrail. Configure VPC Flow Logs to send the log data to the trail. Use Amazon Kinesis Data Firehose to stream the logs from the trail to OpenSearch Service.
B
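The company needs to capture network interface traffic information in its VPC in near real time and send it to Amazon OpenSearch Service for analysis. The key is choosing the right log capture and delivery tools.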
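The core of this question is finding a solution that captures VPC network traffic logs and delivers them to OpenSearch Service in near real time. VPC Flow Logs can capture traffic information for the network interfaces in a VPC. To deliver the logs to OpenSearch Service, consider the characteristics of the log delivery service, such as whether it supports near-real-time delivery and how well it integrates with the related services.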
Tip: eliminate the obviously wrong options, then choose the most reasonable of the options that have no obvious error.
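A. Incorrect. Create a log group in Amazon CloudWatch Logs. Configure VPC Flow Logs to send the log data to the log group. Use Amazon Kinesis Data Streams to stream the logs from the log group to OpenSearch Service. Although Kinesis Data Streams can stream data in real time, once VPC Flow Logs has sent the logs directly to CloudWatch Logs, using Kinesis Data Streams to get the logs from CloudWatch Logs and deliver them to OpenSearch Service is relatively complex and is not the most convenient approach.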
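B. Correct. Create a log group in Amazon CloudWatch Logs. Configure VPC Flow Logs to send the log data to the log group. Use Amazon Kinesis Data Firehose to stream the logs from the log group to OpenSearch Service. VPC Flow Logs can send log data to a log group in CloudWatch Logs. Kinesis Data Firehose can easily get the log data from CloudWatch Logs and deliver it to OpenSearch Service in near real time, which meets the question's requirement to capture the logs in near real time and send them to OpenSearch Service for analysis.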
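C. Incorrect. Create a trail in AWS CloudTrail. Configure VPC Flow Logs to send the log data to the trail. Use Amazon Kinesis Data Streams to stream the logs from the trail to OpenSearch Service. AWS CloudTrail is mainly used to record API calls and related events, not to capture traffic information for VPC network interfaces. VPC Flow Logs cannot send data to CloudTrail, so this solution is wrong.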
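D. Incorrect. Create a trail in AWS CloudTrail. Configure VPC Flow Logs to send the log data to the trail. Use Amazon Kinesis Data Firehose to stream the logs from the trail to OpenSearch Service. Likewise, CloudTrail is not meant to receive VPC Flow Logs data, and VPC Flow Logs cannot send data to CloudTrail, so this solution is also incorrect.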