Jeff’s Note #
Unlike generic exam dumps, ADH analyzes this scenario through the lens of a Real-World Lead Developer.
For AWS DVA-C02 candidates, the confusion often lies in how to efficiently generate alarms from streaming application logs without modifying the application code. In production, this is about knowing exactly how CloudWatch Logs metric filters and alarms integrate with SNS for automated notifications. Let’s drill down.
The Certification Drill (Simulated Question) #
Scenario #
StreamlineTech, a SaaS company, hosts a customer-facing application on Amazon EC2 instances. The application produces detailed logs that are forwarded to Amazon CloudWatch Logs. The development team wants to implement a notification system that triggers an alert whenever the count of application error messages in the logs exceeds a predefined threshold within a rolling 5-minute window. The aim is to activate notifications without changing the existing application code.
The Requirement: #
Design a solution that automatically monitors error messages in CloudWatch Logs and sends alerts via Amazon SNS when error counts breach a threshold within 5 minutes.
The Options #
- A) Rewrite the application to send error logs directly to an Amazon SNS topic. Configure the SNS topic to notify subscribers when error messages exceed the threshold within a 5-minute time frame.
- B) Create a subscription filter on the CloudWatch Logs log group that triggers an SNS notification directly when error counts exceed the threshold in 5 minutes.
- C) Install the Amazon Inspector agent on the EC2 instances to monitor application errors and configure it to send SNS notifications upon exceeding error thresholds.
- D) Create a CloudWatch metric filter on the log group to identify the error pattern. Set up a CloudWatch alarm based on the custom metric to send SNS notifications when error counts exceed the threshold within 5 minutes.
Google adsense #
leave a comment:
Correct Answer #
D.
Quick Insight: The Developer Imperative #
The crucial detail is leveraging CloudWatch’s native metric filters to parse logs and generate custom metrics without touching app code. Then, use CloudWatch alarms on those metrics to trigger SNS notifications. This approach optimizes performance, reliability, and maintainability, which every lead developer should master.
Content Locked: The Expert Analysis #
You’ve identified the answer. But do you know the implementation details that separate a Junior from a Senior?
The Expert’s Analysis #
Correct Answer #
Option D
The Winning Logic #
This solution correctly uses a CloudWatch Logs metric filter to continuously scan log entries for error patterns, incrementing a custom CloudWatch metric whenever the pattern appears. A CloudWatch alarm set on this metric can then monitor the error count over a 5-minute evaluation window and trigger an SNS notification when the threshold is exceeded.
- This approach requires no modification to the existing application code.
- It offers near real-time monitoring with minimal latency.
- CloudWatch handles log ingestion, filtering, metric creation, and alarming natively.
- SNS acts as a flexible, scalable notification delivery mechanism.
The Trap (Distractor Analysis): #
-
A) Not correct: Rewriting the app to emit logs to SNS directly is impractical. SNS is not a log store and doesn’t support real-time counting or filtering over time windows. Plus, changing app code reduces agility and increases deployment risk.
-
B) Not correct: A CloudWatch Logs subscription filter streams log data to destinations (like Lambda or Kinesis) but doesn’t itself support generating alarms or SNS notifications based on aggregate counts. Subscription filters alone do not raise alarms.
-
C) Not correct: Amazon Inspector is a security assessment tool, not intended for log monitoring or error counting. Its agent doesn’t track application logs or trigger SNS notifications for error counts.
The Technical Blueprint #
B) For Developer / SysOps (Code/CLI Snippet): #
How to create the metric filter and alarm via AWS CLI:
# Create metric filter to match the error pattern
aws logs put-metric-filter \
--log-group-name "app-log-group" \
--filter-name "ErrorCountFilter" \
--filter-pattern "ERROR" \
--metric-transformations metricName=ErrorCount,metricNamespace=AppMetrics,metricValue=1
# Create the alarm on the custom metric
aws cloudwatch put-metric-alarm \
--alarm-name "HighErrorCountAlarm" \
--metric-name ErrorCount \
--namespace AppMetrics \
--statistic Sum \
--period 300 \
--evaluation-periods 1 \
--threshold 100 \
--comparison-operator GreaterThanThreshold \
--alarm-actions arn:aws:sns:region:account-id:AlertTopic
This sets up an error-recognition pipeline: log → metric filter → alarm → SNS.
The Comparative Analysis #
| Option | API Complexity | Performance | Use Case |
|---|---|---|---|
| A | High (code rewrite) | Poor (SNS not log store) | Impractical, high maintenance |
| B | Medium (subscription) | No direct alarm support | Requires additional processing |
| C | Low (agent install) | N/A | Security tool, not for error logs |
| D | Low (CloudWatch API) | High, real-time alarm | Best practice for log monitoring |
Real-World Application (Practitioner Insight) #
Exam Rule #
For the exam, always pick CloudWatch metric filters + alarms + SNS when you see the requirement to alert on error patterns in logs without modifying app code.
Real World #
In production, this pattern offers scalability, reliability, and low operational overhead. Sometimes Lambda functions process logs for more complex logic—but a metric filter + alarm is the simplest effective method.
(CTA) Stop Guessing, Start Mastering #
Disclaimer
This is a study note based on simulated scenarios for the AWS DVA-C02 exam.