Cram Quiz – Troubleshoot Network Connectivity – SOA-C02 Study Guide

Cram Quiz

Answer these questions. The answers follow the last question. If you cannot answer these questions correctly, consider reading this section again until you can.

1. What are the minimum requirements for an S3 bucket that will be used to store ELB access logs? (Choose two.)

A. It must be in the same AZ as the ELB.

B. It must be in the same region as the ELB.

C. The bucket policy must be configured to grant write permissions to ELB logs.

D. Encryption must be manually enabled on the bucket.

2. Which information can be found in ELB access logs? (Choose three.)

A. The client’s IP address

B. Latency

C. The ELB IP address

D. Server responses

E. S3 bucket name

Cram Quiz Answers

1. Answer: B and C are correct. The S3 bucket must be in the same region as the ELB. The bucket policy must be configured to allow ELB access logs to write to the bucket.

2. Answer: A, B, and D are correct. ELB access logs capture details of requests sent to your load balancer such as the time of the request, the client IP, latency, and server responses.

AWS WAF ACL Logs

This section covers the following objective of Domain 5 (Networking and Content Delivery) from the official AWS Certified SysOps Administrator – Associate (SOA-C02) exam guide:

5.3 Troubleshoot network connectivity issues

CramSaver

If you can correctly answer these questions before going through this section, save time by skimming the Exam Alerts in this section and then completing the Cram Quiz at the end of the section.

1. What three services must be configured to be able to perform comprehensive AWS WAF ACL logging?

2. What is the purpose of the Kinesis Data Firehose when configuring AWS WAF ACL logging?

Answers

1. Answer: The AWS WAF web ACL, Kinesis Data Firehose, and S3.

2. Answer: The logs are received by Kinesis Data Firehose, which can trim the logs and reduce the amount of data that gets stored in S3.

AWS WAF, Kinesis, and S3

The AWS Web Application Firewall (WAF) protects your resources and stops malicious traffic. Rules can be created based on conditions like HTTP headers, HTTP body, URI strings, SQL injection, and cross-site scripting. You can enable logging to capture information such as the time and nature of requests and the web ACL rule that each request matched.

The logs are received by Kinesis Data Firehose, which can be used to trim the logs and reduce the amount of data that gets stored. The logs are commonly stored in S3 after being processed by Kinesis. The Kinesis delivery stream can easily be created using a CloudFormation template that is available on the AWS website.

To configure comprehensive AWS WAF ACL logging, the first step is to create the S3 bucket that the data will be stored in. You must configure an access policy to allow Kinesis Data Firehose to write to the S3 bucket. The next step is to create a Kinesis Data Firehose delivery stream and give it the necessary IAM role to write to the S3 bucket. Finally, you must associate the AWS WAF web ACL with the Kinesis Data Firehose delivery stream and enable logging.

These logs can be helpful when determining what types of rules should be created or modified. A web ACL can allow or deny traffic based on the source IP address, country of origin of the request, string match or regular expression (regex) match, or the detection of malicious SQL code or scripting. For example, a request could include a header with some identifying information, such as the name of the department. A string or regex match could be used to identify that traffic, and the logs could be used to determine the volume of matching requests.

ExamAlert

A web ACL can allow or deny traffic based on the source IP address, country of origin of the request, string match or regular expression (regex) match, or the detection of malicious SQL code or scripting. You can also use the logs that are generated to examine the number of requests, the nature of those requests, and where they originate from.
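As an added example that is not part of this study guide or of any AWS tooling, the following Python script tallies WAF web ACL log records (the JSON shape delivered through Kinesis Data Firehose, one object per line) by action, terminating rule, country of origin, and the department header described above. The sample records, rule names, header name, ARN, and IP addresses are constructed placeholders, and a malformed line is included to show that one bad record should not abort the count.

```python
import json
from collections import Counter

def record(action, rule, ip, country, dept, uri):
    """Build one constructed WAF log record in the shape Firehose delivers."""
    headers = [{"name": "Host", "value": "app.example.com"}]
    if dept is not None:
        headers.append({"name": "X-Department", "value": dept})  # hypothetical header
    return json.dumps({
        "timestamp": 1700000000000, "formatVersion": 1,
        "webaclId": "arn:aws:wafv2:us-east-1:123456789012:regional/webacl/demo/PLACEHOLDER-ID",
        "terminatingRuleId": rule, "terminatingRuleType": "REGULAR", "action": action,
        "httpSourceName": "ALB", "httpSourceId": "app/demo/PLACEHOLDER",
        "httpRequest": {"clientIp": ip, "country": country, "headers": headers,
                        "uri": uri, "httpMethod": "GET"},
    })

SAMPLE_LOG_LINES = [  # constructed sample data, not real traffic
    record("ALLOW", "Default_Action", "203.0.113.10", "US", "finance", "/reports"),
    record("ALLOW", "Default_Action", "203.0.113.11", "US", "finance", "/reports"),
    record("BLOCK", "BlockSQLi", "198.51.100.7", "DE", None, "/login"),
    record("BLOCK", "GeoBlock", "192.0.2.44", "XX", "hr", "/admin"),
    record("ALLOW", "DeptHeaderMatch", "203.0.113.12", "US", "hr", "/payroll"),
    "{not valid json",  # malformed line: counted, never allowed to crash the run
]

def header_value(req, name):
    """Case-insensitive header lookup; WAF logs headers as name/value pairs."""
    for h in req.get("headers", []):
        if h.get("name", "").lower() == name.lower():
            return h.get("value")
    return None

def summarize(lines, header="X-Department"):
    """Count requests by action, terminating rule, country and a chosen header."""
    stats = {"action": Counter(), "rule": Counter(), "country": Counter(),
             "header": Counter(), "malformed": 0}
    for line in lines:
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            stats["malformed"] += 1
            continue
        req = rec.get("httpRequest", {})
        stats["action"][rec.get("action", "UNKNOWN")] += 1
        stats["rule"][rec.get("terminatingRuleId", "UNKNOWN")] += 1
        stats["country"][req.get("country", "UNKNOWN")] += 1
        stats["header"][header_value(req, header) or "(absent)"] += 1
    return stats
```

Run `summarize(SAMPLE_LOG_LINES)` to see which rules terminate the most requests and where they originate, which is the input you would use when deciding whether a rule needs to be created or tightened.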