AWS WAF Web ACL Logs: Configuration and Monitoring

Web ACL Logs for AWS WAF Configuration

Question

You, as a sysops administrator, configure a bunch of web ACLs in AWS WAF.

In order to monitor whether the ACLs work as expected, you want to get detailed logs about traffic analyzed by the web ACLs.

The logs should include information such as the details of the requests and the action if a request matches a rule.

Which of the following sets of actions do you need to perform? (Select TWO.)

Answers

Explanations


Correct Answers: B and D.

Option A is incorrect because, according to https://docs.aws.amazon.com/waf/latest/developerguide/logging.html, a Kinesis Data Stream cannot be used.

There is also no need to stream the logs in real time.

Option B is CORRECT because an Amazon Kinesis Data Firehose is required as the destination for the logs.

The Firehose name should begin with "aws-waf-logs-".

Option C is incorrect because CloudWatch Logs is not used for AWS WAF ACL logs.

Option D is CORRECT because you need to explicitly enable logging on the WAF ACLs and choose the Kinesis Data Firehose as the log destination.

Option E is incorrect because a CloudWatch Log group cannot be selected as the logging destination of WAF ACLs.

Reference:

https://docs.aws.amazon.com/waf/latest/developerguide/logging.html
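The two correct steps (B and D) can be checked offline against an exported set of logging configurations. The script below is an added example, not code from the original page or from AWS: it assumes each configuration is a dict with the `ResourceArn` and `LogDestinationConfigs` fields used by the WAF logging API, and all ARNs and account numbers in it are constructed sample values.

```python
"""Offline audit of AWS WAF logging configurations against the rules on this page."""

REQUIRED_PREFIX = "aws-waf-logs-"  # delivery stream name prefix required by option B


def check_destination(arn):
    """Return a list of problems with one log destination ARN (empty list = OK)."""
    parts = arn.split(":", 5)  # arn:partition:service:region:account:resource
    if len(parts) != 6 or parts[0] != "arn":
        return [f"not an ARN: {arn!r}"]
    service, resource = parts[2], parts[5]
    if service != "firehose":
        return [f"destination service is {service!r}, expected a Kinesis Data Firehose"]
    kind, _, name = resource.partition("/")
    if kind != "deliverystream" or not name:
        return [f"not a delivery stream resource: {resource!r}"]
    if not name.startswith(REQUIRED_PREFIX):
        return [f"delivery stream {name!r} does not start with {REQUIRED_PREFIX!r}"]
    return []


def audit_web_acls(web_acl_arns, logging_configs):
    """Map each web ACL ARN to its problems; ACLs without logging are flagged (option D)."""
    by_acl = {c["ResourceArn"]: c for c in logging_configs}
    report = {}
    for acl in web_acl_arns:
        config = by_acl.get(acl)
        if config is None:
            report[acl] = ["logging is not enabled on this web ACL"]
            continue
        destinations = config.get("LogDestinationConfigs", [])
        problems = [p for d in destinations for p in check_destination(d)]
        if not destinations:
            problems.append("logging configuration has no destination")
        report[acl] = problems
    return report


# Constructed sample data: four web ACLs, three of which have a logging configuration.
BASE = "arn:aws:{}:us-east-1:111122223333:{}"
ACLS = [BASE.format("wafv2", f"regional/webacl/acl-{n}/EXAMPLE") for n in "abcd"]
CONFIGS = [
    {"ResourceArn": ACLS[0], "LogDestinationConfigs": [BASE.format("firehose", "deliverystream/aws-waf-logs-app")]},
    {"ResourceArn": ACLS[1], "LogDestinationConfigs": [BASE.format("firehose", "deliverystream/waf-logs-app")]},
    {"ResourceArn": ACLS[2], "LogDestinationConfigs": [BASE.format("logs", "log-group:aws-waf-logs-app")]},
]

if __name__ == "__main__":
    for acl, problems in audit_web_acls(ACLS, CONFIGS).items():
        print(acl, "OK" if not problems else problems)
```

Only the first sample ACL passes: the second uses a Firehose without the required prefix, the third points at a CloudWatch log group, and the fourth has no logging enabled.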

To monitor web ACLs in AWS WAF, detailed logs can be generated and analyzed to determine whether the ACLs work as expected. The logs provide information about the details of the requests and the actions taken if a request matches a rule. To generate the logs, the following actions need to be performed:

A. Create an Amazon Kinesis Data Stream for AWS WAF to forward logs in real-time.

This action involves setting up an Amazon Kinesis Data Stream that will receive logs in real-time as traffic is analyzed by the web ACLs. This will enable continuous monitoring of the traffic and analysis of the logs as they are generated.

B. Create an Amazon Kinesis Data Firehose using a name starting with the prefix "aws-waf-logs-".

This action involves setting up an Amazon Kinesis Data Firehose that will receive the logs generated by the Amazon Kinesis Data Stream. The data firehose is used to store and manage the logs for further analysis.

C. Create a CloudWatch Log group named with the prefix "aws-waf-logs-".

This action involves setting up a CloudWatch Log group that will receive and store the logs generated by the web ACLs. The log group can be used to manage, analyze, and monitor the logs.

D. In the AWS WAF console, select the ACLs, enable logging, and select the Kinesis Data Firehose as the destination.

This action involves configuring the web ACLs to enable logging and selecting the Amazon Kinesis Data Firehose as the destination for the logs. This will ensure that the logs generated by the web ACLs are forwarded to the Amazon Kinesis Data Firehose for storage and management.

E. In the AWS WAF console, select the ACLs and choose a CloudWatch Log group as the logging destination.

This action involves configuring the web ACLs to enable logging and selecting the CloudWatch Log group as the destination for the logs. This will ensure that the logs generated by the web ACLs are forwarded to the CloudWatch Log group for storage and management.

In summary, to monitor web ACLs in AWS WAF, a sysops administrator needs to create an Amazon Kinesis Data Stream, an Amazon Kinesis Data Firehose, and a CloudWatch Log group. They also need to configure the web ACLs to enable logging and select either the Amazon Kinesis Data Firehose or the CloudWatch Log group as the destination for the logs.