Logging Best Practices for AWS Account Events | AWS Certified DevOps Engineer Exam Solution


Question

Your security officer has told you that you need to tighten up the logging of all events that occur on your AWS account.

He wants to be able to access all events that occur on the account across all regions quickly and in the simplest way possible.

He also wants to make sure that he is the only person who can access these events in the most secure way possible.

Which of the following would be the best solution to assure his requirements are met? Choose the correct answer from the options below.


Answer - A.

AWS CloudTrail is a service that enables governance, compliance, operational auditing, and risk auditing of your AWS account.

With CloudTrail, you can log, continuously monitor, and retain events related to API calls across your AWS infrastructure.

CloudTrail provides a history of AWS API calls for your account, including API calls made through the AWS Management Console, AWS SDKs, command-line tools, and other AWS services.

This history simplifies security analysis, resource change tracking, and troubleshooting.

You can configure CloudTrail to deliver all of its logs to a single, central S3 bucket.

For more information on CloudTrail, see:

https://aws.amazon.com/cloudtrail/

The best solution to meet the security officer's requirements is option A - Use CloudTrail to log all events to one S3 bucket. Make this S3 bucket only accessible by your security officer with a bucket policy that restricts access to his user only and adds MFA to the policy for a further security level.

Here's why:

CloudTrail is an AWS service that enables you to log, monitor, and retain events related to API calls across your AWS infrastructure. It records all API activity and saves it in a log file in an S3 bucket. With CloudTrail, you can track changes to resources, identify who made the changes, and see what actions were performed.

Option A suggests logging all events to a single S3 bucket. This makes it easier to search for and view events as they're all in one place. Additionally, the security officer can quickly access all events that occur on the account across all regions.

To ensure the security of the S3 bucket, a bucket policy can be created that restricts access to only the security officer's user. This ensures that only the security officer can access the logs, and no one else can. MFA can also be added to the policy for an additional layer of security, requiring the security officer to provide an additional authentication factor when accessing the logs.
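The configuration option A describes, written out as an added example (not code from the original page): the CreateTrail settings for one trail that covers every region, and a bucket policy that lets CloudTrail deliver logs while only the security officer, authenticated with MFA, can read them. The account ID, bucket name, IAM user name and trail name are constructed placeholders; the two delivery statements follow CloudTrail's documented bucket-policy pattern, and the read and deny statements are this example's own design.

```python
# Constructed placeholder identifiers (not from the original page): replace with your own.
ACCOUNT_ID = "111122223333"
BUCKET = "example-cloudtrail-logs"
OFFICER_ARN = f"arn:aws:iam::{ACCOUNT_ID}:user/security-officer"
TRAIL_ARN = f"arn:aws:cloudtrail:us-east-1:{ACCOUNT_ID}:trail/all-regions-trail"


def trail_params(name, bucket):
    """Keyword arguments for CloudTrail's CreateTrail API: a single trail that covers
    every region and delivers to one bucket, with log-file integrity validation on."""
    return {
        "Name": name,
        "S3BucketName": bucket,
        "IsMultiRegionTrail": True,          # events from all regions land in this bucket
        "IncludeGlobalServiceEvents": True,  # IAM, STS and other global-service calls too
        "EnableLogFileValidation": True,     # signed digest files reveal tampering
    }


def cloudtrail_bucket_policy(bucket, account_id, officer_arn, trail_arn):
    """Bucket policy: CloudTrail may write, only the officer may read, and only with MFA."""
    bucket_arn = f"arn:aws:s3:::{bucket}"
    read_actions = ["s3:GetObject", "s3:ListBucket"]
    everything = [bucket_arn, f"{bucket_arn}/*"]
    return {"Version": "2012-10-17", "Statement": [
        # Delivery permissions CloudTrail requires; aws:SourceArn pins them to this trail.
        {"Sid": "AWSCloudTrailAclCheck", "Effect": "Allow",
         "Principal": {"Service": "cloudtrail.amazonaws.com"},
         "Action": "s3:GetBucketAcl", "Resource": bucket_arn,
         "Condition": {"StringEquals": {"aws:SourceArn": trail_arn}}},
        {"Sid": "AWSCloudTrailWrite", "Effect": "Allow",
         "Principal": {"Service": "cloudtrail.amazonaws.com"},
         "Action": "s3:PutObject", "Resource": f"{bucket_arn}/AWSLogs/{account_id}/*",
         "Condition": {"StringEquals": {"s3:x-amz-acl": "bucket-owner-full-control",
                                        "aws:SourceArn": trail_arn}}},
        # Read access for the security officer, granted only when MFA was used to sign in.
        {"Sid": "OfficerReadWithMFA", "Effect": "Allow",
         "Principal": {"AWS": officer_arn}, "Action": read_actions, "Resource": everything,
         "Condition": {"Bool": {"aws:MultiFactorAuthPresent": "true"}}},
        # Explicit denies override any IAM allow: nobody else may read, and even the officer
        # may not read without MFA. Only reads are denied, so CloudTrail delivery still works.
        {"Sid": "DenyReadToOthers", "Effect": "Deny", "Principal": "*",
         "Action": read_actions, "Resource": everything,
         "Condition": {"StringNotEquals": {"aws:PrincipalArn": officer_arn}}},
        {"Sid": "DenyReadWithoutMFA", "Effect": "Deny", "Principal": "*",
         "Action": read_actions, "Resource": everything,
         "Condition": {"BoolIfExists": {"aws:MultiFactorAuthPresent": "false"}}},
    ]}
```

The `trail_params` dict is passed to `aws cloudtrail create-trail` (or boto3 `create_trail`), and the policy dict, JSON-serialized, to `put-bucket-policy`. Note that the two deny statements also block the account root user from reading, which is what "only the security officer" requires.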

Option B suggests logging all events to an Amazon Glacier Vault. However, this solution is not suitable for this use case as Glacier is a low-cost storage option designed for long-term data archiving and retrieval, and accessing the logs may take longer. Additionally, limiting access to the security officer's IP address is not sufficient for security, as IP addresses can be spoofed or compromised.

Option C suggests sending all API calls to CloudWatch and sending an email to the security officer every time an API call is made. While CloudWatch is a useful tool for monitoring and logging AWS resources, it is not the best solution for logging all events in an AWS account. Additionally, emailing logs is not secure enough as emails can be intercepted or compromised.

Option D suggests logging all events to a separate S3 bucket in each region, which may result in multiple buckets to manage. CloudTrail can only write to a bucket in the same region, so multiple buckets may be required for an AWS account that spans multiple regions. While MFA and bucket policies can be added to each bucket to increase security, this solution may be cumbersome and difficult to manage over time.

In summary, option A is the best solution for logging all events that occur on an AWS account across all regions. It provides a single location for viewing logs, while also ensuring the security officer is the only one who can access the logs with the additional security measure of MFA.