Question #630
A company hosts a web application on AWS using Amazon EC2 instances and stores data in Amazon Aurora. The application logs custom AUTH_FAILURE errors to Amazon CloudWatch Logs. The operations team discovered the issue only after automated tests, which run every 45 minutes, failed. A developer needs to implement a monitoring solution that alerts the team in real time when these errors occur, minimizing operational overhead.
A. Modify the application to publish a custom metric to CloudWatch. Set up a CloudWatch alarm with an SNS topic for notifications.
B. Create a Lambda function that checks CloudWatch Logs every 10 minutes for AUTH_FAILURE. Configure it to trigger SNS notifications.
C. Use CloudWatch Logs to create a metric filter for AUTH_FAILURE. Create an alarm on this metric (threshold >=1) linked to an SNS topic.
D. Install the CloudWatch agent on EC2 to collect custom metrics for AUTH_FAILURE errors and send notifications via SNS.
Explanation
Answer C is correct because:
1. Real-Time Monitoring: CloudWatch Logs metric filters process log data in real time, ensuring immediate detection of AUTH_FAILURE errors (unlike Lambda polling every 10 minutes or automated tests every 45 minutes).
2. Minimal Operational Overhead: No code changes (Option A) or infrastructure management (Options B/D) are required. CloudWatch natively supports metric filters and alarms.
3. Cost-Effective: Metric filters are low-cost and integrate directly with CloudWatch alarms and SNS.
Why other options are incorrect:
- A: Requires modifying the application code to publish custom metrics, adding development effort.
- B: Lambda polling every 10 minutes introduces delays and recurring execution costs.
- D: Installing/managing the CloudWatch agent adds unnecessary operational complexity when logs are already in CloudWatch.
Key Points:
- Use CloudWatch Logs metric filters for real-time log pattern detection.
- Alarms on metric filters (threshold ≥1) trigger instantly when errors occur.
- Avoid code/architecture changes unless necessary.
Answer
The correct answer is: C
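Option C expressed as a CloudFormation template, as an added example that is not part of the original question. The log group name, e-mail address, metric namespace and metric name are assumptions; supply your own values.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: Alert on AUTH_FAILURE log events (added example, placeholder names)

Parameters:
  AppLogGroupName:        # assumption: existing log group the application writes to
    Type: String
  AlertEmail:             # assumption: address that should receive the alert
    Type: String

Resources:
  AuthFailureTopic:
    Type: AWS::SNS::Topic
    Properties:
      Subscription:
        - Protocol: email             # recipient must confirm the subscription
          Endpoint: !Ref AlertEmail

  AuthFailureFilter:
    Type: AWS::Logs::MetricFilter
    Properties:
      LogGroupName: !Ref AppLogGroupName
      FilterPattern: '"AUTH_FAILURE"'   # match the literal term anywhere in the event
      MetricTransformations:
        - MetricNamespace: WebApp/Auth  # hypothetical namespace
          MetricName: AuthFailureCount  # hypothetical metric name
          MetricValue: "1"              # each matching event adds 1

  AuthFailureAlarm:
    Type: AWS::CloudWatch::Alarm
    Properties:
      AlarmDescription: One or more AUTH_FAILURE events in the last minute
      Namespace: WebApp/Auth
      MetricName: AuthFailureCount
      Statistic: Sum
      Period: 60
      EvaluationPeriods: 1
      Threshold: 1
      ComparisonOperator: GreaterThanOrEqualToThreshold
      # The filter publishes no datapoints while nothing matches;
      # treat that silence as healthy instead of INSUFFICIENT_DATA.
      TreatMissingData: notBreaching
      AlarmActions:
        - !Ref AuthFailureTopic         # Ref on an SNS topic returns its ARN
```

A metric filter only counts events ingested after it is created, so log lines written before deployment do not raise the alarm.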