Your company is standing up a new DynamoDB table for an application and will store the credit card information of customers who have made purchases on your eCommerce store.
You have been asked to track the AWS API calls that DynamoDB sends to AWS KMS for data encryption.
How will you achieve this?
A. Use CloudWatch logs.
B. Use DynamoDB streams.
C. Use CloudTrail logs.
D. Use CloudWatch metrics.
Answer: C.
Option A is incorrect as CloudWatch logs show logs created by DynamoDB but can't confirm whether KMS was used.
Option B is incorrect as streams record the values added to the DynamoDB table.
Option C is CORRECT. As per AWS documentation, "you can use AWS CloudTrail logs to track the requests that DynamoDB sends to AWS KMS on your behalf." CloudTrail is used to audit API calls between AWS services.
Option D is incorrect as no such metrics exist in CloudWatch.
Reference:
https://docs.aws.amazon.com/kms/latest/developerguide/services-dynamodb.html
The correct answer is C. Use CloudTrail logs.
CloudTrail is a service provided by AWS that tracks and logs all API calls made within an AWS account. It captures detailed information about the identity of the caller, the time of the call, the source IP address, the request parameters, and the response elements returned by the AWS service. CloudTrail logs can be used for security analysis, compliance auditing, and troubleshooting.
In this scenario, we need to track the AWS API calls that DynamoDB sends to AWS KMS for data encryption. Since CloudTrail logs all API calls made within an AWS account, we can use it to track the calls made by DynamoDB to KMS for data encryption. By analyzing the CloudTrail logs, we can determine the frequency of the calls, the number of requests, and the types of requests made.
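The analysis described above, as an added example that is not part of the original page: it filters a CloudTrail log file for KMS events that DynamoDB issued and counts them per operation and table. The sample records are constructed (table name and account ID are placeholders), and the record shape (`userIdentity.invokedBy`, the `aws:dynamodb:tableName` encryption context key) is assumed to follow the CloudTrail entries shown in the AWS reference linked above.

```python
import json
from collections import Counter

DDB = "dynamodb.amazonaws.com"
TABLE_KEY = "aws:dynamodb:tableName"

def _rec(source, name, invoked_by=None, params=None):
    """Build one constructed CloudTrail record with only the fields used here."""
    identity = {"type": "AssumedRole"}
    if invoked_by:
        identity["invokedBy"] = invoked_by
    return {"eventSource": source, "eventName": name,
            "userIdentity": identity, "requestParameters": params}

# Constructed sample log file; table name and account id are placeholders.
CTX = {TABLE_KEY: "Orders", "aws:dynamodb:subscriberId": "111122223333"}
SAMPLE_LOG = json.dumps({"Records": [
    _rec("kms.amazonaws.com", "Decrypt", DDB, {"encryptionContext": CTX}),
    _rec("kms.amazonaws.com", "Decrypt", DDB, {"encryptionContext": CTX}),
    _rec("kms.amazonaws.com", "CreateGrant", DDB,
         {"constraints": {"encryptionContextSubset": CTX}}),
    _rec("kms.amazonaws.com", "Decrypt"),            # direct caller, not DynamoDB
    _rec("dynamodb.amazonaws.com", "CreateTable"),   # not a KMS event
]})

def dynamodb_kms_calls(log_text):
    """Return (eventName, tableName) for each KMS call DynamoDB made on the account's behalf."""
    calls = []
    for rec in json.loads(log_text).get("Records", []):
        if rec.get("eventSource") != "kms.amazonaws.com":
            continue
        identity = rec.get("userIdentity") or {}
        params = rec.get("requestParameters") or {}   # may be null in real logs
        # Decrypt-style calls carry the context directly; CreateGrant nests it.
        ctx = (params.get("encryptionContext")
               or (params.get("constraints") or {}).get("encryptionContextSubset")
               or {})
        if identity.get("invokedBy") == DDB or TABLE_KEY in ctx:
            calls.append((rec.get("eventName"), ctx.get(TABLE_KEY)))
    return calls

def summarize(log_text):
    """Count DynamoDB-originated KMS calls per (operation, table)."""
    return Counter(dynamodb_kms_calls(log_text))

if __name__ == "__main__":
    for (op, table), n in summarize(SAMPLE_LOG).items():
        print(f"{op:12} table={table} count={n}")
```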
Option A, Use CloudWatch logs, is incorrect because CloudWatch is a monitoring service that provides metrics, logs, and alarms for AWS resources and applications. While CloudWatch logs can be used to monitor and troubleshoot applications, they do not track AWS API calls.
Option B, Use DynamoDB streams, is incorrect because DynamoDB streams are used to capture and process item-level changes made to a DynamoDB table. While DynamoDB streams can be used for real-time data processing and analysis, they do not track AWS API calls.
Option D, Use CloudWatch metrics, is incorrect because CloudWatch metrics are used to monitor the performance and health of AWS resources and applications. While CloudWatch metrics can be used to monitor and troubleshoot applications, they do not track AWS API calls.