Exam AWS Certified Solutions Architect - Associate SAA-C03 topic 1 question 517 discussion

send logs to Amazon S3 from AWS Systems Manager Session Manager. Here are the steps to do so: Enable S3 Logging: Open the AWS Systems Manager console. In the navigation pane, choose Session Manager. Choose the Preferences tab, and then choose Edit. Select the check box next to Enable under S3 logging. Create an S3 Bucket: To store the Session Manager logs, create an S3 bucket to hold the audit logs from the Session Manager interactive shell usage. Configure IAM Role: AWS Systems Manager Agent (SSM Agent) uses the same AWS Identity and Access Management (IAM) role to activate itself and upload logs to Amazon S3. You can use either an IAM instance profile that’s attached to an Amazon Elastic Compute Cloud (Amazon EC2) instance or the IAM role that’s configured for the Default Host Management Configuration.

A, You can choose to store session log data in a specified Amazon Simple Storage Service (Amazon S3) bucket for debugging and troubleshooting purposes. https://docs.aws.amazon.com/systems-manager/latest/userguide/session-manager-logging.html#session-manager-logging-s3

Most efficient is A because it is a direct option in SM logging. B can work but is more operational overhead as you end up using CloudWatch (not sure how but making assumption based on language of option) C is definitely too much work D Way too many moving parts

You can choose to store session log data in a specified Amazon Simple Storage Service (Amazon S3) bucket for debugging and troubleshooting purposes.

You can config the log archived to S3 in the Session Manager - > preference tab. Another option is CloudWatch log. https://docs.aws.amazon.com/systems-manager/latest/userguide/session-manager-logging.html#session-manager-logging-s3

°Simplicity - Enabling S3 logging requires just a simple configuration in the Systems Manager console to specify the destination S3 bucket. No other services need to be configured. °Direct integration - Systems Manager has native support to send session logs to S3 through this feature. No need for intermediary services. °Automated flow - Once S3 logging is enabled, the session logs automatically flow to the S3 bucket without manual intervention. °Easy management - The S3 bucket can be managed independently for log storage and archival purposes without impacting Systems Manager. °Cost-effectiveness - No charges for intermediate CloudWatch or Kinesis services. Just basic S3 storage costs. °Minimal overhead - No ongoing management of complex pipeline of services. Direct logs to S3 minimizes overhead.

With the MOST operational efficiency then option A is best. Otherwise B is also an option with a little bit more ops than option A. https://docs.aws.amazon.com/systems-manager/latest/userguide/session-manager-logging.html

Answer A. https://aws-labs.net/winlab5-manageinfra/sessmgrlog.html

GPT argued for D. B could be an option, by installing a logging package on alle managed systems/ECs etc. https://docs.aws.amazon.com/systems-manager/latest/userguide/distributor-working-with-packages-deploy.html However, as it mentions the "Session manager logs" I would tend towards A.

It should be "A". https://docs.aws.amazon.com/systems-manager/latest/userguide/session-manager-logging.html

It have menu to Enable S3 Logging. https://docs.aws.amazon.com/systems-manager/latest/userguide/session-manager-logging.html#session-manager-logging-s3

BBBBBBBBB

The option 'A' says "Enable S3 logging in the Systems Manager console." This means that you will enable the logs !! FOR !! S3 events and its is not what the question asks. My vote is for Option B, based on this article: https://docs.aws.amazon.com/AmazonS3/latest/userguide/logging-with-S3.html

DDDDDD

Option D is definetely not right, Its optiom B

Chat GPT says option A is incorrect cos it requires enabling S3 logging in the system manager console only logs information about the systems manager service not the session logs Says correct answer is B

option A does not involve CloudWatch, while option D does. Therefore, in terms of operational overhead, option A would generally have less complexity and operational overhead compared to option D. Option A simply enables S3 logging in the Systems Manager console, allowing you to directly send session logs to an S3 bucket. This approach is straightforward and requires minimal configuration. On the other hand, option D involves installing and configuring the Amazon CloudWatch agent, creating a CloudWatch log group, setting up a CloudWatch Logs subscription, and configuring an Amazon Kinesis Data Firehose delivery stream to store logs in an S3 bucket. This requires additional setup and management compared to option A. So, if minimizing operational overhead is a priority, option A would be a simpler and more straightforward choice.