In your LAMP application, you have some developers that say they would like access to your logs.
However, since you are using an AWS Auto Scaling group, your instances are constantly being re-created.
What would you do to make sure that these developers can access these log files? Choose the most appropriate answer from the options below.
Click on the arrows to vote for the correct answer
A. B. C. D.Answer - D.
One important security aspect is to never give access to actual servers.
Hence Options A, B and C are just totally wrong from a security perspective.
The best option is to use the CloudWatch Logs group to archive logs.
These logs can then be exported to S3.
Options A, B and C are all incorrect because you should not give access to the developers on the Apache servers.
For more information on S3, please refer to the below link.
https://aws.amazon.com/documentation/s3/The most appropriate answer to this question is D - Setup a CloudWatch Logs Group to store the logs. Archive these logs to an S3 bucket for developer-access.
Explanation:
LAMP is an acronym for Linux, Apache, MySQL, and PHP, which is a popular technology stack used for developing web applications. In this scenario, the web application is hosted on AWS Auto Scaling group instances, which means the instances are being constantly created and destroyed. This makes it difficult to grant access to the developers for the log files.
Option A - Give only the necessary access to the Apache servers so that the developers can gain access to the log files. This option is not ideal because it would require granting access to the production servers, which could pose a security risk. Additionally, since the instances are constantly being recreated, it would be difficult to manage access.
Option B - Give root access to your Apache servers to the developers. This option is not recommended as it would give full control to the developers, which could pose a security risk to the system.
Option C - Give read-only access to your developers to the Apache servers. This option is not ideal as it would still require granting access to the production servers, which could pose a security risk.
Option D - Setup a CloudWatch Logs Group to store the logs. Archive these logs to an S3 bucket for developer-access. This option is the most appropriate as it allows the log files to be stored securely in a CloudWatch Logs Group, which is designed for centralized log management. The logs can then be archived to an S3 bucket for developer-access. This provides a secure and scalable solution that does not require granting direct access to the production servers.
In conclusion, option D is the most appropriate answer as it provides a secure and scalable solution for granting access to log files in a LAMP application hosted on AWS Auto Scaling group instances.