
A company operating on AWS has established a VPC housing essential compute resources with consistent traffic patterns. They have set up VPC flow logs to be sent to a log group within Amazon CloudWatch Logs. The DevOps team is tasked with implementing a monitoring system for these VPC flow logs to detect network traffic anomalies over time. In the event that an anomaly is detected, the team must be able to trigger a response. What is the appropriate configuration for the monitoring solution to fulfill these requirements?
A
Create an Amazon Kinesis data stream, subscribe the log group to it, and use Amazon Kinesis Data Analytics to analyze the stream for anomalies. Implement an AWS Lambda function as the stream's output to write to the default Amazon EventBridge event bus upon anomaly detection.
B
Set up an Amazon Kinesis Data Firehose delivery stream to an Amazon S3 bucket, subscribe the log group to it, and employ Amazon Lookout for Metrics to analyze the S3 bucket data for anomalies. Create an AWS Lambda function to publish to the default Amazon EventBridge event bus in response to Lookout for Metrics anomaly findings.
C
Develop an AWS Lambda function for anomaly detection, configure it to send an event to the default Amazon EventBridge event bus if an anomaly is found, and subscribe the Lambda function to the log group.
D
Establish an Amazon Kinesis data stream, subscribe the log group to it, and create an AWS Lambda function to analyze the stream for anomalies. Configure the Lambda function to write to the default Amazon EventBridge event bus upon anomaly detection and set it as the stream's processor.
Explanation:
The correct answer is A. The log group is subscribed to an Amazon Kinesis data stream, and Amazon Kinesis Data Analytics analyzes that stream to detect anomalies, which suits real-time processing of streaming data. An AWS Lambda function, configured as the analytics application's output, receives the anomaly findings and writes them to the default Amazon EventBridge event bus, where rules can trigger automated responses or alerts. This approach provides a robust and scalable solution for monitoring and responding to network traffic anomalies.
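The last hop of option A, the Lambda function that sits at the output of the analytics application and writes findings to the default EventBridge bus, is sketched below as an added example; it is not code from the question or from AWS. It assumes the analytics application emits one JSON object per record carrying an ANOMALY_SCORE field alongside the flow-log fields it scored (srcaddr, dstaddr, dstport, bytes; hypothetical names), that records arrive in the Kinesis Data Analytics Lambda-output shape (`records` with `recordId` and base64 `data`) and must be acknowledged per record with `Ok` or `DeliveryFailed`, and that the score cut-off and event source name are constructed values to be tuned per workload. The EventBridge client is injectable so the logic runs offline.

```python
"""Added example: Lambda output for a Kinesis Data Analytics anomaly stream.

Assumptions (not from the page): record layout, field names, threshold and
event source name are hypothetical; the per-record acknowledgement shape
(recordId + Ok/DeliveryFailed) is what the analytics output contract expects.
"""
import base64
import json
import os

SCORE_THRESHOLD = float(os.environ.get("SCORE_THRESHOLD", "3.0"))  # constructed
EVENT_SOURCE = "custom.vpc-flow-anomaly"   # hypothetical source name
EVENT_BUS = "default"


def decode_records(records):
    """Yield (recordId, payload dict) for each base64-encoded JSON record."""
    for rec in records:
        payload = json.loads(base64.b64decode(rec["data"]).decode("utf-8"))
        yield rec["recordId"], payload


def is_anomalous(payload, threshold=SCORE_THRESHOLD):
    """True when the analytics score exceeds the configured threshold."""
    return float(payload.get("ANOMALY_SCORE", 0.0)) > threshold


def build_entries(records, threshold=SCORE_THRESHOLD):
    """Turn anomalous records into EventBridge PutEvents entries.

    Returns (entries, results): entries for put_events and the per-record
    acknowledgements the analytics application expects back.
    """
    entries, results = [], []
    for record_id, payload in decode_records(records):
        results.append({"recordId": record_id, "result": "Ok"})
        if not is_anomalous(payload, threshold):
            continue
        entries.append({
            "Source": EVENT_SOURCE,
            "DetailType": "VpcFlowLogAnomaly",
            "EventBusName": EVENT_BUS,
            # Detail must be a JSON string; keep only what a rule or responder needs.
            "Detail": json.dumps({
                "anomalyScore": float(payload["ANOMALY_SCORE"]),
                "srcaddr": payload.get("srcaddr"),
                "dstaddr": payload.get("dstaddr"),
                "dstport": payload.get("dstport"),
                "bytes": payload.get("bytes"),
            }),
        })
    return entries, results


def publish(entries, client):
    """Send entries in batches of 10 (PutEvents limit); return failed count."""
    failed = 0
    for i in range(0, len(entries), 10):
        resp = client.put_events(Entries=entries[i:i + 10])
        failed += resp.get("FailedEntryCount", 0)
    return failed


def lambda_handler(event, context=None, client=None):
    """Entry point; `client` is injectable so the logic can run offline."""
    if client is None:
        import boto3  # only needed inside Lambda
        client = boto3.client("events")
    entries, results = build_entries(event.get("records", []))
    if entries and publish(entries, client) > 0:
        # Ask the analytics application to retry the batch instead of dropping a finding.
        results = [{"recordId": r["recordId"], "result": "DeliveryFailed"} for r in results]
    return {"records": results}


def encode_record(obj):
    """Base64-encode a JSON object the way the analytics output delivers it."""
    return base64.b64encode(json.dumps(obj).encode("utf-8")).decode("ascii")


# Constructed sample batch: one ordinary flow and one high-score flow.
SAMPLE_EVENT = {"records": [
    {"recordId": "r1", "data": encode_record({"ANOMALY_SCORE": 0.8, "srcaddr": "10.0.1.10",
                                              "dstaddr": "10.0.2.20", "dstport": 443, "bytes": 1200})},
    {"recordId": "r2", "data": encode_record({"ANOMALY_SCORE": 4.7, "srcaddr": "10.0.1.10",
                                              "dstaddr": "10.0.2.20", "dstport": 443, "bytes": 98000000})},
]}


class RecordingClient:
    """Stand-in for the boto3 EventBridge client when running offline."""
    def __init__(self):
        self.batches = []

    def put_events(self, Entries):
        self.batches.append(Entries)
        return {"FailedEntryCount": 0, "Entries": [{"EventId": f"id-{i}"} for i in range(len(Entries))]}


if __name__ == "__main__":
    fake = RecordingClient()
    print(lambda_handler(SAMPLE_EVENT, client=fake))
    print(fake.batches)
```

In production the EventBridge rule that matches `DetailType` of `VpcFlowLogAnomaly` is what wires the finding to the response; returning `DeliveryFailed` for the batch when PutEvents reports failures keeps a finding from being lost silently.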