Your company is making use of Kinesis streams.
There are several applications that are built on EC2 Instances with access to Kinesis streams via IAM Roles.
As per the security audit, it is required to track the calls made to create streams within the Kinesis service.
Which method can be used to achieve the requirement?
A. B. C. D.
Answer - C.
The AWS Documentation mentions the following.
Amazon Kinesis Data Streams is integrated with AWS CloudTrail, which captures API calls made by or on behalf of Kinesis Data Streams and delivers the log files to the Amazon S3 bucket that you specify.
The API calls can be made indirectly by using the Kinesis Data Streams console or directly by using the Kinesis Data Streams API.
Using the information collected by CloudTrail, you can determine what request was made to Kinesis Data Streams, the source IP address from which the request was made, who made the request, when it was made, and so on.
Option A is incorrect because there is no API tracker with AWS Kinesis.
Option B is incorrect because there is no need to include all management activities in the trail.
Option C is CORRECT because CloudTrail supports the Amazon Kinesis Data Streams service.
For more information on logging with CloudTrail, please refer to the URL below.
https://docs.aws.amazon.com/streams/latest/dev/logging-using-cloudtrail.html
The correct answer is option C: Create a CloudTrail trail and include the Amazon Kinesis Data Streams service.
CloudTrail is an AWS service that provides a record of actions taken by a user, role, or an AWS service in an AWS account. It tracks all management activities and API calls made within an AWS account, including calls made to Amazon Kinesis Data Streams. By default, CloudTrail records API calls for many AWS services, but not all services are enabled by default. Therefore, to track calls made to create streams within the Kinesis service, a CloudTrail trail should be created and Amazon Kinesis Data Streams should be included in the trail.
Option A is incorrect because the Kinesis API tracker is not an AWS service. It is a third-party tool that can be used to track the requests made to the streams. However, it is not the best solution to meet the security audit requirements because it requires additional setup and management, and may not be able to track all API calls made to the Kinesis service.
Option B is partially correct because creating a CloudTrail trail is required to track all management activities. However, it does not specifically address the requirement to track calls made to create streams within the Kinesis service. Therefore, including the Amazon Kinesis Data Streams service in the CloudTrail trail is necessary to meet the requirement.
Option D is incorrect because there is an AWS service and tool that can trace the Amazon Kinesis Data Streams activities, which is CloudTrail.
In summary, to track calls made to create streams within the Kinesis service, create a CloudTrail trail and include the Amazon Kinesis Data Streams service.
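To show what the audit data looks like once the trail is delivering log files, the following added example (not from the AWS documentation or the original page) filters a CloudTrail log file for Kinesis CreateStream calls and extracts who made each request, from which source IP, and when. The sample records, account ID, role name, IP addresses and stream names are constructed for illustration; the field names follow the CloudTrail record format.

```python
import json

# Constructed sample in the CloudTrail log-file layout ({"Records": [...]}).
# Account ID, role name, IP addresses and stream names are made up.
ROLE = "arn:aws:sts::111122223333:assumed-role/app-ec2-role/i-0abc1234567890def"
USER = "arn:aws:iam::111122223333:user/dev"
SAMPLE_LOG = json.dumps({"Records": [
    {"eventTime": "2024-05-01T10:15:00Z", "eventSource": "kinesis.amazonaws.com",
     "eventName": "CreateStream", "awsRegion": "us-east-1",
     "sourceIPAddress": "203.0.113.10",
     "userIdentity": {"type": "AssumedRole", "arn": ROLE},
     "requestParameters": {"streamName": "orders", "shardCount": 2}},
    {"eventTime": "2024-05-01T10:20:00Z", "eventSource": "kinesis.amazonaws.com",
     "eventName": "DeleteStream", "awsRegion": "us-east-1",
     "sourceIPAddress": "203.0.113.10",
     "userIdentity": {"type": "AssumedRole", "arn": ROLE},
     "requestParameters": {"streamName": "scratch"}},
    {"eventTime": "2024-05-01T11:00:00Z", "eventSource": "kinesis.amazonaws.com",
     "eventName": "CreateStream", "awsRegion": "us-east-1",
     "sourceIPAddress": "198.51.100.7", "errorCode": "LimitExceededException",
     "userIdentity": {"type": "IAMUser", "arn": USER},
     "requestParameters": {"streamName": "adhoc", "shardCount": 500}},
    {"eventTime": "2024-05-01T11:05:00Z", "eventSource": "s3.amazonaws.com",
     "eventName": "CreateBucket", "awsRegion": "us-east-1",
     "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"type": "IAMUser", "arn": USER},
     "requestParameters": {"bucketName": "example"}},
]})

def find_create_stream_calls(log_text):
    """Return one summary dict per Kinesis CreateStream call in a CloudTrail log file."""
    findings = []
    for rec in json.loads(log_text).get("Records", []):
        if rec.get("eventSource") != "kinesis.amazonaws.com":
            continue  # other services in the same trail
        if rec.get("eventName") != "CreateStream":
            continue  # other Kinesis API calls
        identity = rec.get("userIdentity") or {}
        params = rec.get("requestParameters") or {}  # may be null on some events
        findings.append({
            "when": rec.get("eventTime"),
            "who": identity.get("arn") or identity.get("principalId"),
            "identity_type": identity.get("type"),
            "source_ip": rec.get("sourceIPAddress"),
            "stream": params.get("streamName"),
            "succeeded": "errorCode" not in rec,  # failed calls carry errorCode
        })
    return findings

if __name__ == "__main__":
    for f in find_create_stream_calls(SAMPLE_LOG):
        print(f)
```

Failed attempts are kept in the output with `succeeded` set to `False`, since an audit usually needs to see denied or throttled stream creation as well as successful calls.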