Exam AWS Certified Security - Specialty topic 1 question 493 discussion

A,D - Access logging generates log files that can be analyzed, while detailed CloudWatch metrics generate metrics that can be analyzed. Configure access logging for the required API stage: This implementation involves configuring access logging for the API stage, which will generate log files that contain information about each API request. The log files can be analyzed using a tool like Amazon CloudWatch Logs Insights to gain insights into API access patterns 1 . Select the Enable Detailed CloudWatch Metrics option on the required API stage: This implementation involves enabling detailed CloudWatch metrics for the API stage, which will generate metrics that provide visibility into API usage patterns. The metrics can be analyzed using CloudWatch Metric Math to derive insights into API access patterns

In the context of the question, "without the need to parse the log files" means the developer wants a solution that doesn't require manual examination and interpretation of raw log data. In that case, option A, which involves configuring access logging, might not be the best fit because while it does provide valuable data, it requires parsing and interpretation of log files. Instead, choosing option E: "Select the Enable Detailed CloudWatch Metrics option on the required API stage" might be a better fit. This option provides graphical visualization of API usage, error rates, and latency directly in the CloudWatch console, removing the need for manual log parsing. So, the correct choices would be: E. Select the Enable Detailed CloudWatch Metrics option on the required API stage. D. Use Amazon CloudWatch Logs Insights to analyze API access information.

"In access logging, you, as an API developer, want to log who has accessed your API and how the caller accessed the API. " https://docs.aws.amazon.com/apigateway/latest/developerguide/set-up-logging.html CloudWatch Logs Insights is obvious: https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/AnalyzingLogData.html

A. Configure access logging for the required API stage: By enabling access logging, API Gateway will generate log files that capture detailed information about each API request. These logs can be stored in Amazon S3 or streamed to CloudWatch Logs. D. Use Amazon CloudWatch Logs Insights to analyze API access information: With CloudWatch Logs Insights, you can run queries on the log data generated by API Gateway to gain insights into API access patterns. CloudWatch Logs Insights provides a powerful query language that allows you to filter, aggregate, and analyze log data. By configuring access logging and utilizing CloudWatch Logs Insights, you can easily analyze API access patterns without the need to parse log files manually. The log data will be readily available and accessible for analysis using CloudWatch Logs Insights.