Your company is making extensive use of the AWS KMS service.
They have defined a number of CMK keys.
They want to be notified of any request that was made with the root user to create a key in the KMS service. How could you achieve this? (SELECT TWO.)
A. B. C. D.

Answer: A and C.
Option A is CORRECT because we can use the CloudWatch event rule to monitor root user activities on the AWS account for the KMS service.
Option B is incorrect because an AWS CloudWatch metric is simply a variable to monitor: its data points represent the values of that variable over time, but a metric carries no information about which identity (such as the root user) performed an action.
Option C is CORRECT because we can use the CloudWatch event rule to monitor root user activity on the AWS account and use AWS SNS as the rule's target for sending out the notifications.
Option D is incorrect because AWS SQS is a fully managed message queuing service for decoupling and scaling microservices, distributed systems, and serverless applications; SQS provides neither monitoring of root user activity nor notification of events performed by the root account.
Reference:
https://aws.amazon.com/blogs/mt/monitor-and-notify-on-aws-account-root-user-activity/

To achieve this, we can use a combination of two solutions: a CloudWatch Event rule and an Amazon SNS topic. Here's how we can implement these solutions:
CloudWatch Event Rules allow us to monitor and respond to events in AWS services. We can use a CloudWatch Event rule to detect the creation of CMKs by the root user in KMS. To do this, we need to create an Event rule whose event pattern matches KMS key creation performed by the root user. Here are the steps to create an Event rule:
Step 1: Open the CloudWatch console
Step 2: Create a new Event rule
Step 3: Define the Event pattern
Step 4: Define the Target
Amazon SNS is a fully managed pub/sub messaging service that enables you to send messages from one application to another or to a group of subscribers. We can use SNS to send notifications to an email address, an SMS message, or an HTTP endpoint. Here are the steps to create an SNS topic:
Step 1: Open the SNS console
Step 2: Create a new SNS Topic
Step 3: Define the Topic
Step 4: Create the Subscription
Now, whenever the root user creates a new CMK key in KMS, the CloudWatch Event rule will detect the event and send a notification to the SNS topic. The SNS topic will then send an email notification to the specified email address.
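The event pattern for the "Define the Event pattern" step above, together with a small matcher that mirrors the (simplified) exact-value matching CloudWatch Events / EventBridge applies, so the pattern can be checked offline against constructed CloudTrail-style events before it is deployed. This is an added example, not code from the question or the AWS blog post; the sample events are constructed, and the matcher is an approximation of EventBridge semantics, not the service itself.

```python
"""Event pattern for root-user KMS CreateKey calls, plus an offline matcher.

The same pattern JSON is what you paste into the rule, e.g.
  aws events put-rule --name root-kms-createkey --event-pattern "$(cat pattern.json)"
Rules are regional, so deploy one in every region where keys could be created.
"""
import json

# Match only CloudTrail-delivered KMS CreateKey calls whose caller is the root identity.
ROOT_KMS_CREATE_KEY_PATTERN = {
    "source": ["aws.kms"],
    "detail-type": ["AWS API Call via CloudTrail"],
    "detail": {
        "eventSource": ["kms.amazonaws.com"],
        "eventName": ["CreateKey"],
        "userIdentity": {"type": ["Root"]},
    },
}


def matches(pattern, event):
    """Simplified EventBridge semantics: every pattern key must exist in the event;
    a list means 'event value equals one of these'; a dict recurses.
    Keys in the event that the pattern does not mention are ignored."""
    for key, expected in pattern.items():
        if key not in event:
            return False
        actual = event[key]
        if isinstance(expected, dict):
            if not isinstance(actual, dict) or not matches(expected, actual):
                return False
        elif actual not in expected:
            return False
    return True


def make_event(user_type, event_name, source="aws.kms", event_source="kms.amazonaws.com"):
    """Constructed sample event in the shape EventBridge delivers CloudTrail records."""
    return {
        "version": "0",
        "source": source,
        "detail-type": "AWS API Call via CloudTrail",
        "region": "us-east-1",
        "detail": {
            "eventSource": event_source,
            "eventName": event_name,
            "userIdentity": {"type": user_type},
        },
    }


def pattern_json():
    """The pattern as it would be written to pattern.json for the rule."""
    return json.dumps(ROOT_KMS_CREATE_KEY_PATTERN, indent=2)
```

Running `matches` over a root CreateKey, an IAM-user CreateKey and a root ListKeys event shows that only the first one would reach the SNS target.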