AWS Certified SysOps Administrator - Associate Exam: Evaluating AWS Glacier Vaults

Evaluating AWS Glacier Vaults

Question

You are working as a SysOps architect for a media firm.

All news footage files are uploaded in S3 buckets.

To archive old video footage, you set S3 Lifecycle policies to move these files to STANDARD_IA after 30 days and to S3 Glacier vaults after 90 days.

For compliance and audit requirements, you are looking for a tool to gather records across all regions.

Which of the following can be used to evaluate AWS Glacier vaults? Choose 2 options.

Explanations

Correct Answers: B and D.

AWS Config doesn't currently record Amazon S3 Glacier vaults.

You can create custom rules to run evaluations for resource types not yet recorded by AWS Config.

To create a custom rule, you first create an AWS Lambda function, which contains the evaluation logic for the rule.

Then you associate the function with a custom rule that you create in AWS Config.
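As an added example (not code from the page or from AWS), here is the evaluation logic such a Lambda function could carry for a periodic custom rule: it lists the vaults in the function's region, checks each vault's Vault Lock state, and reports one evaluation per vault back to AWS Config. The compliance criterion (a lock policy in the Locked state), the resource type string, and the sample vault data in the test are assumptions.

```python
import json
from datetime import datetime, timezone

# Assumptions: Config records no Glacier type, so the rule reports under a
# type name chosen here; put_evaluations accepts at most 100 items per call.
RESOURCE_TYPE = "AWS::Glacier::Vault"
BATCH = 100

def evaluate_vault(vault, lock_state, timestamp):
    """Build one Config evaluation from a list_vaults entry. Assumed criterion:
    the vault is COMPLIANT only when its Vault Lock policy is 'Locked'."""
    ok = lock_state == "Locked"
    return {
        "ComplianceResourceType": RESOURCE_TYPE,
        "ComplianceResourceId": vault["VaultARN"],
        "ComplianceType": "COMPLIANT" if ok else "NON_COMPLIANT",
        "Annotation": f"vault lock: {lock_state or 'none'}; "
                      f"archives: {vault.get('NumberOfArchives', 0)}",
        "OrderingTimestamp": timestamp,
    }

def evaluate_vaults(vaults, lock_state_of, timestamp):
    """Evaluate every vault. lock_state_of(name) returns 'InProgress',
    'Locked', or None when the vault has no lock policy at all."""
    return [evaluate_vault(v, lock_state_of(v["VaultName"]), timestamp)
            for v in vaults]

def glacier_lock_state(glacier, vault_name):
    """Live lookup: get_vault_lock raises ResourceNotFoundException for
    vaults that never had a lock policy initiated."""
    try:
        return glacier.get_vault_lock(vaultName=vault_name)["State"]
    except glacier.exceptions.ResourceNotFoundException:
        return None

def lambda_handler(event, context):
    import boto3  # imported here so the pure logic above runs without boto3
    if json.loads(event["invokingEvent"]).get("messageType") != "ScheduledNotification":
        return {"evaluated": 0}  # periodic rule: ignore non-scheduled invocations
    # Config rules are regional; an aggregator combines the per-region results.
    glacier, config = boto3.client("glacier"), boto3.client("config")
    vaults = [v for page in glacier.get_paginator("list_vaults").paginate()
              for v in page.get("VaultList", [])]
    evals = evaluate_vaults(vaults, lambda n: glacier_lock_state(glacier, n),
                            datetime.now(timezone.utc))
    for i in range(0, len(evals), BATCH):  # stay within the per-call limit
        config.put_evaluations(Evaluations=evals[i:i + BATCH],
                               ResultToken=event["resultToken"])
    return {"evaluated": len(evals)}
```

The Lambda role needs glacier:ListVaults, glacier:GetVaultLock and config:PutEvaluations, and the custom rule must be created with a periodic trigger for the ScheduledNotification branch to fire.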

Option A is incorrect: enabling audit logging on Amazon S3 Glacier with AWS CloudTrail records actions taken by a user, role, or AWS service in Glacier.

Option C is incorrect: AWS Config managed rules are predefined, customizable rules that AWS Config uses to evaluate whether your AWS resources comply with common best practices.

Currently, S3 Glacier vaults are not supported by these rules.

For more information on custom AWS Config rules backed by Lambda functions, see the following links:

https://docs.aws.amazon.com/config/latest/developerguide/evaluate-config_develop-rules_nodejs.html

https://docs.aws.amazon.com/config/latest/developerguide/evaluate-config_use-managed-rules.html

As a SysOps architect for a media firm, you have set up S3 Lifecycle policies to move old video footage from S3 buckets to S3 Standard-Infrequent Access (S3 Standard_IA) after 30 days and to S3 Glacier vaults after 90 days. To meet compliance and audit requirements, you need to evaluate the AWS Glacier vaults where the old footage is being stored.

There are a few different options available to evaluate AWS Glacier vaults, but two of the best options are to enable audit logging on Amazon S3 Glacier with AWS CloudTrail and to create an AWS Config custom rule or a managed rule and assign a Lambda function to that rule.

Option A: Enable Audit Logging on Amazon S3 Glacier with AWS CloudTrail

This option involves enabling AWS CloudTrail, a service that provides a record of actions taken by a user, role, or an AWS service in S3 Glacier. When you enable AWS CloudTrail, you can configure it to log data events that are related to S3 Glacier. These data events can be used to monitor the access and usage of your Glacier vaults. AWS CloudTrail can be used to identify who made an API call to Glacier, the source IP address of the call, its timestamp, and the action that was taken. This information can be used to evaluate whether your Glacier vaults are being accessed appropriately and to meet compliance requirements.

Option B: Create an AWS Config Custom Rule and Assign a Lambda Function to This Rule

This option involves creating an AWS Config custom rule and assigning a Lambda function to that rule. AWS Config is a service that provides a detailed inventory of AWS resources and their configuration histories. AWS Config can be used to evaluate your Glacier vaults by creating a custom rule that checks whether your Glacier vaults are compliant with specific criteria. You can create a custom rule that checks the access and usage of your Glacier vaults and assign a Lambda function to the rule to perform the evaluation. The Lambda function can be used to trigger alerts or take action if non-compliant activity is detected.

Option C: Create an AWS Config Managed Rule and Assign a Lambda Function to This Rule

This option involves creating an AWS Config managed rule and assigning a Lambda function to that rule. AWS Config provides a set of pre-defined managed rules that can be used to evaluate your AWS resources. One of these managed rules is the Amazon S3 Glacier Vault Inventory rule. This rule provides a detailed inventory of your Glacier vaults, including the vault name, region, creation date, and number of archives. You can assign a Lambda function to the managed rule to take action if non-compliant activity is detected.

Option D: Create a Lambda Function to Evaluate AWS S3 Glacier Vaults

This option involves creating a Lambda function that evaluates the access and usage of your Glacier vaults. The Lambda function can be used to check the compliance of your Glacier vaults and trigger alerts or take action if non-compliant activity is detected. This option requires more manual setup and maintenance than the other options and may not be as effective as using AWS Config or AWS CloudTrail.

In summary, to evaluate AWS Glacier vaults, you can enable audit logging on Amazon S3 Glacier with AWS CloudTrail or create an AWS Config custom rule or a managed rule and assign a Lambda function to that rule. These options provide automated and detailed monitoring of your Glacier vaults to meet compliance and audit requirements.