AWS Resource Access Manager: Viewing Recent Activities and Firewall Policy Modifications

AWS Resource Access Manager API Calls

Question

An IT firm uses AWS Resource Access Manager to share AWS Network Firewall with multiple accounts in an organization.

The Security Team is looking for recent activities using AWS Resource Access Manager API calls to modify firewall policies in AWS Network Firewall. Which component can be viewed to get the required details without any additional configuration?

Answers

Explanations


A. B. C. D.

Correct Answer: C.

AWS Resource Access Manager is integrated with AWS CloudTrail.

All API calls made to AWS Resource Access Manager are captured by AWS CloudTrail.

When there is any activity with AWS Resource Access Manager, it's recorded in AWS CloudTrail in Event History.

All recent activities can be viewed from Event History in CloudTrail Console.

Option A is incorrect because log files are delivered to an Amazon S3 bucket, not to an Amazon EC2 instance.

Option B is incorrect because log files are delivered to an Amazon S3 bucket only when a trail is configured, which is additional configuration.

Option D is incorrect because, when a trail is configured, log files are delivered to an Amazon S3 bucket and cannot be viewed in the CloudTrail Console.

For more information on AWS RAM, refer to the following URL:

https://docs.aws.amazon.com/ram/latest/userguide/logging-using-cloudtrail.html

The correct answer is C. View Event History in CloudTrail Console.

CloudTrail is a service provided by AWS that enables governance, compliance, operational auditing, and risk auditing of your AWS account. CloudTrail provides a record of events that take place within your AWS account, including API calls made to AWS services such as AWS Resource Access Manager and AWS Network Firewall.

When an API call is made, CloudTrail records the event in an event log. This event log can be viewed using the CloudTrail Console or through the AWS CLI or SDKs.

In this scenario, the Security Team wants to view recent activities using AWS Resource Access Manager API calls to modify firewall policies in AWS Network Firewall. The Event History in the CloudTrail Console provides a view of all API activity within an AWS account, including the specific API calls made to AWS Resource Access Manager and AWS Network Firewall.
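The filtering step described above, as an added example that is not part of the original question or AWS documentation: the script below takes records shaped like the output of `aws cloudtrail lookup-events` (the CLI view of Event History, which needs no trail because it is always on) and keeps only the non-read-only calls to AWS RAM and AWS Network Firewall, then pulls out which firewall policies were touched. The event records, user names, account id, ARNs and IP addresses are constructed sample data, not real log output.

```python
"""Filter CloudTrail Event History records for AWS RAM sharing activity and
AWS Network Firewall policy modifications.

SAMPLE_EVENTS mirrors the shape returned by `aws cloudtrail lookup-events`:
a list of Events, each carrying the raw CloudTrail record as a JSON string in
CloudTrailEvent.  The equivalent live query (real flag names) would be:

    aws cloudtrail lookup-events \
        --lookup-attributes AttributeKey=EventSource,AttributeValue=ram.amazonaws.com

All values below are constructed for illustration.
"""
import json

RAM_SOURCE = "ram.amazonaws.com"
NFW_SOURCE = "network-firewall.amazonaws.com"


def _event(name, source, user, read_only, params, when):
    """Build one constructed Event History entry (sample data, not real logs)."""
    return {
        "EventName": name,
        "EventSource": source,
        "Username": user,
        "EventTime": when,
        "CloudTrailEvent": json.dumps({
            "eventSource": source,
            "eventName": name,
            "readOnly": read_only,
            "sourceIPAddress": "203.0.113.10",  # documentation-range address
            "requestParameters": params,
        }),
    }


# Constructed sample: two real changes, two read-only lookups, one unrelated call.
SAMPLE_EVENTS = [
    _event("UpdateResourceShare", RAM_SOURCE, "netops-admin", False,
           {"resourceShareArn": "arn:aws:ram:us-east-1:111122223333:resource-share/EXAMPLE"},
           "2024-01-15T12:01:00Z"),
    _event("GetResourceShares", RAM_SOURCE, "auditor", True,
           {"resourceOwner": "SELF"}, "2024-01-15T12:02:00Z"),
    _event("RunInstances", "ec2.amazonaws.com", "dev-user", False,
           {"instanceType": "t3.micro"}, "2024-01-15T12:03:00Z"),
    _event("UpdateFirewallPolicy", NFW_SOURCE, "netops-admin", False,
           {"firewallPolicyName": "shared-egress-policy",
            "firewallPolicyArn": "arn:aws:network-firewall:us-east-1:111122223333:firewall-policy/shared-egress-policy"},
           "2024-01-15T12:05:00Z"),
    _event("DescribeFirewallPolicy", NFW_SOURCE, "auditor", True,
           {"firewallPolicyName": "shared-egress-policy"}, "2024-01-15T12:06:00Z"),
]


def modifying_events(events, sources=(RAM_SOURCE, NFW_SOURCE)):
    """Return the non-read-only calls from the given event sources, newest first.

    Describe*/Get*/List* calls carry readOnly=true in the record and are
    dropped, since they cannot have changed a share or a firewall policy.
    """
    hits = []
    for ev in events:
        detail = json.loads(ev["CloudTrailEvent"])
        if detail.get("eventSource") not in sources:
            continue
        if detail.get("readOnly", False):
            continue
        hits.append({
            "time": ev["EventTime"],
            "source": detail["eventSource"],
            "name": detail["eventName"],
            "user": ev.get("Username", "<unknown>"),
            "ip": detail.get("sourceIPAddress", "<unknown>"),
        })
    # ISO-8601 timestamps in UTC sort correctly as strings.
    return sorted(hits, key=lambda h: h["time"], reverse=True)


def policies_touched(events):
    """Return the set of Network Firewall policy names changed by non-read-only calls."""
    names = set()
    for ev in events:
        detail = json.loads(ev["CloudTrailEvent"])
        if detail.get("eventSource") != NFW_SOURCE or detail.get("readOnly", False):
            continue
        name = detail.get("requestParameters", {}).get("firewallPolicyName")
        if name:
            names.add(name)
    return names


if __name__ == "__main__":
    for hit in modifying_events(SAMPLE_EVENTS):
        print(f'{hit["time"]}  {hit["source"]:32} {hit["name"]:24} {hit["user"]}  {hit["ip"]}')
    print("Policies modified:", sorted(policies_touched(SAMPLE_EVENTS)))
```

Against the constructed sample this reports the `UpdateFirewallPolicy` and `UpdateResourceShare` calls, with the read-only lookups and the unrelated EC2 call filtered out. Event History only holds management events from the last 90 days, so anything older than that is exactly the case where a configured trail (options B and D) becomes necessary.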

Option A is incorrect because having CloudTrail deliver log files to an Amazon EC2 instance would require additional configuration.

Option B is incorrect because having CloudTrail deliver log files to an Amazon S3 bucket would require additional configuration to set up a trail.

Option D is incorrect because Trails in the CloudTrail Console are a configuration component and do not themselves show recent API calls or modifications made to AWS Resource Access Manager or AWS Network Firewall.