Question 30
Domain 3: Design High-Performing Architectures
A company needs to load VPC Flow Logs into Amazon S3 for analysis with Athena. The solution should be fully managed with minimal setup. What should be configured?
Correct answer: B
Explanation
Amazon VPC Flow Logs can deliver log data to Amazon S3, and Kinesis Data Firehose provides a fully managed delivery stream with minimal setup. Using Firehose as the destination lets the logs be loaded into S3 for Athena analysis without building custom ingestion or management logic.
Why each option is right or wrong
A. Use Kinesis Data Streams with Lambda
B. Use Kinesis Data Firehose as the Flow Logs destination
Amazon VPC Flow Logs can be delivered to an Amazon S3 bucket, and Athena queries that bucket directly, so the destination must land the logs in S3 without extra processing. Kinesis Data Firehose is the managed delivery service that can write to S3 with no servers to provision or custom consumers to build, which fits the requirement for minimal setup. The VPC Flow Logs service supports S3, CloudWatch Logs, and Kinesis Data Firehose destinations, and Firehose is the only one here that provides fully managed ingestion into S3 for downstream Athena analysis.
C. Use CloudWatch Logs with manual export
D. Use custom EC2 instances to collect logs