A company runs a web application on Amazon EC2 instances behind an Application Load Balancer (ALB). The SysOps team needs to capture detailed HTTP request-level data, including headers and payload, for troubleshooting purposes. The data should be stored in Amazon S3 for analysis. Which solution meets these requirements with the LEAST operational overhead?
ALB access logs provide detailed HTTP request data and are automatically delivered to S3.
Why this answer
Option C is correct because ALB access logs capture detailed HTTP request-level data, including headers and payload, and can be directly delivered to an S3 bucket without any additional agents or configuration on the EC2 instances. This native integration minimizes operational overhead by eliminating the need to install or manage logging agents on each instance.
Exam trap
The trap here is confusing network-level logs (VPC Flow Logs) or API-level logs (CloudTrail) with application-level HTTP logs, leading candidates to overlook the native ALB access log feature that directly captures the required data with zero instance management.
How to eliminate wrong answers
Option A is wrong because installing the CloudWatch Logs agent on each EC2 instance requires manual setup and maintenance on every instance, increasing operational overhead, and Apache access logs do not capture the full HTTP request payload and headers that the ALB can provide. Option B is wrong because VPC Flow Logs capture network-level metadata (IP addresses, ports, protocols) but not HTTP request-level data such as headers or payload. Option D is wrong because AWS CloudTrail with data events for the ALB records API calls to the ALB (e.g., CreateLoadBalancer, ModifyListener) and does not capture HTTP request-level data like headers or payload.