Performing Efficient Access Logs Analysis for ELB with AWS Certified Security - Specialty Exam Preparation

ELB Access Logs Analysis

Question

A member of the Security Audit team would like to perform an analysis and investigation of ELB Access Logs by doing some ad-hoc queries.

The ELB Access Logging is enabled.

Which solution enables the team members to perform Access Logs analysis most efficiently?

Answers

Explanations



Answer: B.

Option A is incorrect because CloudTrail manages API activity on our AWS account and keeps a log of it.

It cannot be used to query ELB Access Logs.

Option B is CORRECT because Amazon Athena supports S3 as a data source and can be used to query data directly in S3.

Athena runs ad-hoc SQL queries against the log objects in place, so access log analytics can be performed efficiently without moving the data.

Option C is incorrect because QuickSight only supports text file formats (.csv, .tsv, .clf, or .elf) stored in S3. ELB Access Logs are compressed files.

AWS QuickSight is used for visualization and would not be useful with ad-hoc queries and performing analytics on ELB access logs.

Option D is incorrect because using Redshift would not be the most efficient solution as it requires the provisioning of infrastructure and ETL of data into the service.

Option E is incorrect because it is not the most efficient solution.

Splunk is a third-party solution.

So it requires purchasing licenses, provisioning infrastructure, installing and configuring the product, and ETL of the data.

Reference:

https://docs.aws.amazon.com/athena/latest/ug/application-load-balancer-logs.html

The most efficient solution for performing ad-hoc queries on ELB Access Logs is Amazon Athena (option B).

Amazon Athena is a serverless, interactive query service that enables analyzing data directly in Amazon S3 using SQL. In this scenario, the ELB Access Logs are stored in S3, so the security audit team can easily query them using Athena without having to set up any infrastructure or manage any servers. Athena integrates with AWS Glue, which can automatically discover the schema of the data and create a table in the Athena data catalog, making it easy to query the data using standard SQL.
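As an added example (not part of the original page and not AWS's own code), the Athena DDL and queries below show what the Security Audit team's ad-hoc workflow looks like in practice for both explanations of option B above. The column set follows the Application Load Balancer table in the referenced AWS documentation; the regular expression, the table name alb_logs, the bucket path and the date window are this example's own assumptions and must be adjusted to your account, region and log bucket.

```sql
-- Added example, not from the original page or AWS documentation.
-- Athena external table over ALB access logs stored in S3. Athena reads the
-- gzip-compressed objects directly; no infrastructure is provisioned.
-- conn_trace_id is only present in newer log lines, so the final capture
-- group in the regex is optional and older lines still match.
CREATE EXTERNAL TABLE IF NOT EXISTS alb_logs (
    type string,
    time string,
    elb string,
    client_ip string,
    client_port int,
    target_ip string,
    target_port int,
    request_processing_time double,
    target_processing_time double,
    response_processing_time double,
    elb_status_code int,
    target_status_code string,
    received_bytes bigint,
    sent_bytes bigint,
    request_verb string,
    request_url string,
    request_proto string,
    user_agent string,
    ssl_cipher string,
    ssl_protocol string,
    target_group_arn string,
    trace_id string,
    domain_name string,
    chosen_cert_arn string,
    matched_rule_priority string,
    request_creation_time string,
    actions_executed string,
    redirect_url string,
    lambda_error_reason string,
    target_port_list string,
    target_status_code_list string,
    classification string,
    classification_reason string,
    conn_trace_id string
)
ROW FORMAT SERDE 'org.apache.hadoop.hive.serde2.RegexSerDe'
WITH SERDEPROPERTIES (
    'serialization.format' = '1',
    'input.regex' = '([^ ]*) ([^ ]*) ([^ ]*) ([^ ]*):([0-9]*) ([^ ]*)[:-]([0-9]*) ([-.0-9]*) ([-.0-9]*) ([-.0-9]*) (|[-0-9]*) (-|[-0-9]*) ([-0-9]*) ([-0-9]*) \"([^ ]*) (.*) (- |[^ ]*)\" \"([^\"]*)\" ([A-Za-z0-9_-]+) ([A-Za-z0-9.-]*) ([^ ]*) \"([^\"]*)\" \"([^\"]*)\" \"([^\"]*)\" ([-.0-9]*) ([^ ]*) \"([^\"]*)\" \"([^\"]*)\" \"([^ ]*)\" \"([^ ]*)\" \"([^ ]*)\" \"([^ ]*)\" \"([^ ]*)\"(?: ([^ ]*))?'
)
-- Placeholder path: replace the bucket, ACCOUNT-ID and REGION with your own.
LOCATION 's3://EXAMPLE-ALB-LOG-BUCKET/AWSLogs/ACCOUNT-ID/elasticloadbalancing/REGION/';

-- 1. Status code distribution per hour for one day. The time column is an
--    ISO 8601 string, which sorts lexically, so a string comparison bounds
--    the window without a date parse.
SELECT substr(time, 1, 13) AS hour_utc,
       elb_status_code,
       count(*) AS requests
FROM alb_logs
WHERE time >= '2024-05-01T00:00:00' AND time < '2024-05-02T00:00:00'
GROUP BY 1, 2
ORDER BY 1, 2;

-- 2. Clients generating the most 4xx/5xx responses in the window: a first
--    triage view for scanning or credential-stuffing noise against the ELB.
SELECT client_ip,
       count(*) AS error_responses,
       count(DISTINCT request_url) AS distinct_urls,
       min(time) AS first_seen,
       max(time) AS last_seen
FROM alb_logs
WHERE time >= '2024-05-01T00:00:00' AND time < '2024-05-02T00:00:00'
  AND elb_status_code >= 400
GROUP BY client_ip
ORDER BY error_responses DESC
LIMIT 20;

-- 3. Connections negotiated with TLS versions that should be retired.
SELECT ssl_protocol, ssl_cipher, count(*) AS connections
FROM alb_logs
WHERE time >= '2024-05-01T00:00:00' AND time < '2024-05-02T00:00:00'
  AND ssl_protocol IN ('TLSv1', 'TLSv1.1')
GROUP BY ssl_protocol, ssl_cipher
ORDER BY connections DESC;
```

Athena bills per byte scanned, so on large log volumes partition the table by date (Athena partition projection over the year/month/day prefixes in the log path) and always keep the time filter, so each ad-hoc query scans only the days in scope. If a query returns rows with every column NULL, the regex did not match the full log line; compare one raw line against the capture groups, since RegexSerDe requires a whole-line match.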

CloudTrail (option A) is a service that records all API calls made in an AWS account and delivers the log files to an S3 bucket. While CloudTrail logs can be useful for auditing purposes, they do not contain the same level of detail as ELB Access Logs, which provide detailed information about HTTP requests made to the ELB. CloudTrail logs would not be the most efficient solution for analyzing ELB Access Logs.

QuickSight (option C) is a business intelligence and visualization tool that can be used to create dashboards and reports from data stored in AWS services such as S3, Redshift, and Athena. While QuickSight can be used to visualize ELB Access Logs data, it is not the most efficient solution for ad-hoc queries.

Redshift (option D) is a data warehousing service that can be used to store and analyze large amounts of data. While Redshift can be used to store ELB Access Logs data and perform ad-hoc queries, it requires setting up and managing a Redshift cluster, which can be time-consuming and may not be the most cost-effective solution for analyzing ELB Access Logs data.

Splunk (option E) is a third-party log analysis tool that can be used to analyze log data from various sources, including ELB Access Logs. While Splunk can be an efficient solution for analyzing log data, it requires setting up and managing a Splunk instance, which can be complex and expensive compared to using Athena.

In summary, the most efficient solution for analyzing ELB Access Logs data using ad-hoc queries would be Amazon Athena.