Exam AWS Certified DevOps Engineer - Professional DOP-C02 topic 1 question 32 discussion

Explanation: Option B is correct because you can change the logging driver in the ECS task definition to awslogs, which will direct the logs to Amazon CloudWatch Logs. Then, the logs can be forwarded to the Amazon S3 bucket. Option D is correct because enabling access logging on the Application Load Balancer (ALB) allows the collection of access logs that can be sent directly to an S3 bucket. Option F is correct because you can create an Amazon Kinesis Data Firehose delivery stream that can deliver logs from CloudWatch Logs directly to an Amazon S3 bucket in near-real-time.

https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-logging-monitoring.html

https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-logging-monitoring.html

Enable access logging using the ALB management console, CLI, or API. Specify the S3 bucket where the logs will be stored and, if necessary, set the log file prefix (e.g., production, staging.) to store the logs in different paths within the bucket.

BDF: There are two types of log that needs to be collected B: push app log to Cloudwatch log D: push access log to S3 F: using Kinesis to push app log from cloudwatch log to S3 in near real-time A: wrong - we need cloudwatch agent, not container instance C: No need to use event bridge and lambda to trigger cloudwatch log to push log to s3. E: access logs lie in ALB, not ECS services.

BDF is the answer . btw, can't we use cloudwatch ingists to collet the logs from containers in ecs there days , and then usign the subscription filter we can sends those logs to s3. without having to install cloud watch agent.

Real time. so not E

BDF makes sense. E is certainly wrong.

BDF Access logs cannot be configured by ALB target group https://docs.aws.amazon.com/elasticloadbalancing/latest/application/load-balancer-access-logs.html

Option B sends data to the Cloudwatch Log. This issue requires that logs be collected in S3.

Answer is bdf

B - get application logs to CW D - get access logs to S3 F - get application logs from CW to S3 in near-real time

Option BDE can be cumbersome to manage in a large environment and may not be ideal for applications that generate large amounts of logs. Option BDF, on the other hand, captures both application and access logs, and uses the CloudWatch Logs driver to stream logs directly to CloudWatch Logs. This solution is more scalable as it does not require the CloudWatch Logs agent to be installed on each instance, and it can capture logs from multiple ECS tasks running on the same instance. In addition, the logs can be sent to an S3 bucket using a Kinesis Data Firehose delivery stream, which provides near-real-time analysis capabilities.

B D F for me