An auditor needs read-only access to all AWS resources and logs of all VPC records and events that have occurred on AWS.
What is the best way for creating this sort of access? Choose the correct answer from the options below.
Click on the arrows to vote for the correct answer
A. B. C. D.Answer - C.
AWS CloudTrail is a service that enables governance, compliance, operational auditing, and risk auditing of your AWS account.
With CloudTrail, you can log, continuously monitor, and retain events related to API calls across your AWS infrastructure.
CloudTrail provides a history of AWS API calls for your account, including API calls made through the AWS Management Console, AWS SDKs, command line tools, and other AWS services.
This history simplifies security analysis, resource change tracking, and troubleshooting.
For more information on Cloudtrail please see the below link:
https://aws.amazon.com/cloudtrail/The best way to provide an auditor with read-only access to all AWS resources and logs of all VPC records and events that have occurred on AWS is by enabling CloudTrail logging and creating an IAM user with read-only permissions to the required AWS resources, including the bucket containing the CloudTrail logs. Therefore, option C is the correct answer.
CloudTrail is a service that records API calls made in AWS services, including AWS Management Console, SDKs, command-line tools, and other services. It creates log files that capture resource changes, including VPC records and events. By enabling CloudTrail, an auditor can access logs of all VPC records and events that have occurred on AWS.
To grant an auditor read-only access to AWS resources, an IAM user must be created with the required permissions. The IAM user should have read-only permissions to the AWS resources that the auditor needs to access. The auditor can then use the IAM user credentials to access the resources through the AWS Management Console or the AWS CLI.
In addition, the IAM user should also have read-only access to the S3 bucket containing the CloudTrail logs. This will allow the auditor to view and analyze the logs to identify any changes made to the VPC resources.
Option A is incorrect because contacting AWS is not necessary for granting access to resources. AWS provides a range of tools and services to manage access to resources.
Option B is incorrect because creating a role is not sufficient to grant access to all AWS resources and logs. A role is a set of permissions that can be assumed by an IAM user or an AWS service.
Option D is incorrect because SNS is a messaging service, and it cannot be used to provide access to resources.