Addressing Concerns About CloudTrail Data Loss in AWS ap-south-1 Region



Question

You are an AWS consultant working in a startup IT company.

The company wanted to increase visibility into its user and resource activity in AWS.

So CloudTrail was turned on.

As most resources were used in region ap-south-1, the trail was only configured to collect the activities in that region.

The trail's log files are delivered to an S3 bucket in that region.

However, the customer is worried that if a disaster occurs in region ap-south-1, the CloudTrail data may be lost.

Which actions should you take to address the concern?

Answers

A. Enable the encryption with SSE-KMS for the S3 bucket of the CloudTrail.

B. In the CloudTrail console, add another S3 bucket in a different region as the target for the trail.

C. Enable Cross-Region Replication for the trail S3 bucket to automatically copy objects in a different AWS Region.

D. Create a Lambda Function that can read files in the trail S3 bucket and copy the log files to an S3 bucket in another region.

Explanations

Correct Answer - C.

According to the AWS documentation on resilience in CloudTrail (https://docs.aws.amazon.com/en_us/awscloudtrail/latest/userguide/disaster-recovery-resiliency.html), resilience should be planned for so that no log data is lost when a failure affects an AWS Region.

Option A is incorrect: Encryption with SSE-KMS protects the log files at rest but does nothing to prevent data loss.

Option B is incorrect: A trail delivers to exactly one S3 bucket. The CloudTrail console does not allow a second bucket to be added as a target for the same trail.

Option C is CORRECT: S3 Cross-Region Replication asynchronously copies new objects from the trail bucket to a bucket in another AWS Region, so a copy of the log files exists outside ap-south-1.

Option D is incorrect: A Lambda function that copies files is extra effort and extra code to maintain, since S3 already provides automatic replication of objects across Regions.

The customer is concerned about the potential loss of CloudTrail data in the event of a disaster in the region where the data is currently stored. To address this concern, several options are available, each with its own advantages and disadvantages:

A. Enable the encryption with SSE-KMS for the S3 bucket of the CloudTrail. Server-side encryption with AWS KMS keys (SSE-KMS) protects data at rest in the S3 bucket where the CloudTrail log files are stored. This is a good security practice in general, but it does not address the concern about losing the data if the region fails.

B. In the CloudTrail console, add another S3 bucket in a different region as the target for the trail. This is not possible: a trail delivers its log files to a single S3 bucket, and the console offers no way to add a second bucket as a target. The option describes a setting that does not exist, so it cannot protect the data.

C. Enable Cross-Region Replication for the trail S3 bucket to automatically copy objects in a different AWS Region. Enabling cross-region replication (CRR) on the trail bucket makes S3 asynchronously copy each newly delivered log file to a bucket in another Region, usually within minutes, without any custom code. This is the disaster recovery solution the question asks for: if ap-south-1 becomes unavailable, the replicated log files are still readable in the other Region. Two practical caveats: S3 Versioning must be enabled on both the source and the destination bucket before a replication rule can be created, and CRR only copies objects written after the rule is in place (existing log files have to be copied separately, for example with S3 Batch Replication).

D. Create a Lambda Function that can read files in the trail S3 bucket and copy the log files to an S3 bucket in another region. A Lambda function triggered by the trail bucket could copy each log file to a bucket in another Region. It would achieve the goal, but it requires custom development, its own IAM permissions, error handling for failed copies, and ongoing maintenance, all to reproduce a feature S3 already provides natively.

In summary, option C - enabling Cross-Region Replication for the trail S3 bucket to automatically copy objects in a different AWS Region - provides the most complete disaster recovery solution for the CloudTrail data. However, enabling server-side encryption with SSE-KMS for the S3 bucket is also a good security practice that can help protect the data at rest.
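The following is an added example, not code from the original page or from AWS: it applies option C with boto3 (enabling Versioning on both buckets, which CRR requires, then the replication rule scoped to the CloudTrail prefix) and adds the check a practitioner wants afterwards, namely whether delivered log objects are actually appearing in the replica. The bucket names, IAM role ARN and sample object keys are hypothetical; the keys are constructed to look like real CloudTrail delivery paths.

```python
# Added example (not from the original page or AWS): configure S3
# Cross-Region Replication for a CloudTrail log bucket and verify that
# log objects are being copied. All names below are hypothetical.
import json
from typing import Iterable, List

REPLICATION_PREFIX = "AWSLogs/"  # CloudTrail delivers every log file under this prefix


def replication_config(role_arn: str, dest_bucket: str,
                       prefix: str = REPLICATION_PREFIX) -> dict:
    """Build the ReplicationConfiguration body for PutBucketReplication.

    Only CloudTrail objects are replicated, and delete markers are not,
    so deleting a log file in the source Region does not delete the DR copy.
    """
    return {
        "Role": role_arn,
        "Rules": [{
            "ID": "cloudtrail-dr",
            "Priority": 1,
            "Status": "Enabled",
            "Filter": {"Prefix": prefix},
            "DeleteMarkerReplication": {"Status": "Disabled"},
            "Destination": {
                "Bucket": f"arn:aws:s3:::{dest_bucket}",
                "StorageClass": "STANDARD_IA",
            },
        }],
    }


def enable_replication(source_bucket: str, source_region: str,
                       dest_bucket: str, dest_region: str, role_arn: str) -> None:
    """Enable Versioning on both buckets (a CRR prerequisite), then apply the rule."""
    import boto3  # imported here so the pure helpers run without boto3 installed
    src = boto3.client("s3", region_name=source_region)
    dst = boto3.client("s3", region_name=dest_region)
    for client, bucket in ((src, source_bucket), (dst, dest_bucket)):
        client.put_bucket_versioning(
            Bucket=bucket, VersioningConfiguration={"Status": "Enabled"})
    src.put_bucket_replication(
        Bucket=source_bucket,
        ReplicationConfiguration=replication_config(role_arn, dest_bucket))


def list_keys(s3, bucket: str, prefix: str = REPLICATION_PREFIX) -> List[str]:
    """All object keys under prefix, following pagination."""
    keys: List[str] = []
    paginator = s3.get_paginator("list_objects_v2")
    for page in paginator.paginate(Bucket=bucket, Prefix=prefix):
        keys.extend(obj["Key"] for obj in page.get("Contents", []))
    return keys


def unreplicated(source_keys: Iterable[str], dest_keys: Iterable[str]) -> List[str]:
    """Keys present in the source bucket but missing from the replica.

    CRR never copies objects written before the rule existed, so right
    after enabling replication this list contains all historical log
    files; once replication is healthy it should hold only very recent,
    still-pending keys.
    """
    return sorted(set(source_keys) - set(dest_keys))


def replication_status(s3, bucket: str, key: str) -> str:
    """Per-object status from HeadObject: COMPLETED, PENDING, FAILED,
    REPLICA (on the destination) or NONE for objects that predate the rule."""
    return s3.head_object(Bucket=bucket, Key=key).get("ReplicationStatus", "NONE")


# Constructed sample listings (not real data) for an offline check of the comparison.
ACCOUNT = "123456789012"
SAMPLE_SOURCE = [
    f"AWSLogs/{ACCOUNT}/CloudTrail/ap-south-1/2024/01/01/{ACCOUNT}_CloudTrail_ap-south-1_20240101T0005Z_a1.json.gz",
    f"AWSLogs/{ACCOUNT}/CloudTrail/ap-south-1/2024/01/01/{ACCOUNT}_CloudTrail_ap-south-1_20240101T0010Z_b2.json.gz",
    f"AWSLogs/{ACCOUNT}/CloudTrail/ap-south-1/2024/01/01/{ACCOUNT}_CloudTrail_ap-south-1_20240101T0015Z_c3.json.gz",
]
SAMPLE_DEST = SAMPLE_SOURCE[:2]  # the newest log file has not been replicated yet

if __name__ == "__main__":
    cfg = replication_config("arn:aws:iam::123456789012:role/s3-crr-cloudtrail",
                             "cloudtrail-logs-dr-ap-southeast-1")
    print(json.dumps(cfg, indent=2))
    print("not yet replicated:", unreplicated(SAMPLE_SOURCE, SAMPLE_DEST))
    # Against real buckets (needs credentials):
    # enable_replication("cloudtrail-logs-ap-south-1", "ap-south-1",
    #                    "cloudtrail-logs-dr-ap-southeast-1", "ap-southeast-1",
    #                    "arn:aws:iam::123456789012:role/s3-crr-cloudtrail")
```

The IAM role in the rule must trust the S3 service principal and be allowed to read object versions from the source bucket and replicate into the destination; if the trail bucket uses SSE-KMS (option A), the role also needs decrypt rights on the source key and the rule needs a destination KMS key, otherwise replication of those objects fails with status FAILED rather than silently skipping them.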