Exam AWS Certified Database - Specialty topic 1 question 56 discussion

Option A.

Looks like option C was added as a distractor. When the value of the audit_logs cluster parameter is enabled, you must also enable Amazon DocumentDB to export logs to Amazon CloudWatch. If you omit either of these steps, audit logs will not be sent to CloudWatch. Answer should be A

Option A - enable audit log - enable export to ClopudWatch Logs

A. Enable DocumentDB to export the logs to Amazon CloudWatch Logs https://docs.aws.amazon.com/documentdb/latest/developerguide/event-auditing.html " When auditing is enabled, Amazon DocumentDB exports your cluster’s auditing records (JSON documents) to Amazon CloudWatch Logs. You can use Amazon CloudWatch Logs to analyze, monitor, and archive your Amazon DocumentDB auditing events."

Amazon DocumentDB auditing supports the following event categories: - Data Definition Language (DDL) - Data Manipulation Language(DML) Enabling auditing on a cluster is a two-step process. Step 1. Enable the audit_logs cluster parameter (done) Step 2. Enable Amazon CloudWatch Logs Export https://docs.aws.amazon.com/documentdb/latest/developerguide/event-auditing.html

https://docs.aws.amazon.com/documentdb/latest/developerguide/event-auditing.html

The audit logs are for Document DB events. But to enable it, we must enable CloudWatch Logs exports on Document DB not Document DB Events.

Option A Below is from AWS Documentation - https://docs.aws.amazon.com/documentdb/latest/developerguide/event-auditing.html When the value of the audit_logs cluster parameter is enabled, you must also enable Amazon DocumentDB to export logs to Amazon CloudWatch. If you omit either of these steps, audit logs will not be sent to CloudWatch.

A is the correct option as this is a mandatory step besides changing the value of audit_logs parameter

A is the correct answer

I don't know if this sounds like a silly question, but how about B?

Answer is A with sure. When you go to the console and hit on create a cluster, you will see an option to enable exports Profile and Audit logs to cloudwatch.

Option A is correct. Just validated from AWS site: When the value of the audit_logs cluster parameter is enabled, you must also enable Amazon DocumentDB to export logs to Amazon CloudWatch. If you omit either of these steps, audit logs will not be sent to CloudWatch.

I am leaning towards A.

I think Answer is A When auditing is enabled, Amazon DocumentDB exports your cluster’s auditing records (JSON documents) to Amazon CloudWatch Logs. You can use Amazon CloudWatch Logs to analyze, monitor, and archive your Amazon DocumentDB auditing events.

Answer A: https://docs.aws.amazon.com/documentdb/latest/developerguide/event-auditing.html Step 2. Enable Amazon CloudWatch Logs Export When the value of the audit_logs cluster parameter is enabled, you must also enable Amazon DocumentDB to export logs to Amazon CloudWatch. If you omit either of these steps, audit logs will not be sent to CloudWatch. Do not get confused with "Amazon DocumentDB records Data Definition Language (DDL), authentication, authorization, and user management events to Amazon CloudWatch Logs." The above event start to get recorded when you enable auditing via enabling audit_log parameter.

Answer A: https://docs.aws.amazon.com/documentdb/latest/developerguide/event-auditing.html Step 2. Enable Amazon CloudWatch Logs Export When the value of the audit_logs cluster parameter is enabled, you must also enable Amazon DocumentDB to export logs to Amazon CloudWatch. If you omit either of these steps, audit logs will not be sent to CloudWatch. When creating a cluster, performing a point-in-time-restore, or restoring a snapshot, you can enable CloudWatch Logs by following these steps. Do not get confused with "Amazon DocumentDB records Data Definition Language (DDL), authentication, authorization, and user management events to Amazon CloudWatch Logs." The above event start to get recorded when you enable auditing via enabling audit_log parameter.