You work as a Systems Administrator for a company.
An external audit is going to be conducted on several resources hosted on AWS.
As a part of the audit, you must give the recorded API-related activities carried out on the existing AWS resources.
Which of the following services would be able to fulfill this requirement?
A. B. C. D.
Correct Answer: D.
The AWS Documentation mentions the following.
AWS CloudTrail is an AWS service that helps you enable governance, compliance, and operational and risk auditing of your AWS account.
Actions taken by a user, role, or an AWS service are recorded as events in CloudTrail.
Events include actions taken in the AWS Management Console, AWS Command Line Interface, and AWS SDKs and APIs.
Option A is incorrect because this service will not give you all the activities recorded for each AWS resource.
Option B is incorrect because this can only give you recommendations.
Option C is incorrect because this is a configuration service.
For more information on AWS CloudTrail, refer to the following URL:
https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-user-guide.html
The service that can fulfill the given requirement of recording API-related activities carried out on existing AWS resources is AWS CloudTrail.
AWS CloudTrail is a service that provides a record of events related to API calls made on the AWS account. It captures the API calls made by or on behalf of a user, AWS service, or an AWS resource in the AWS Management Console, AWS SDKs, command-line tools, and higher-level AWS services.
CloudTrail logs include details such as who made the API call, the time of the call, which service was accessed, what actions were performed, the source IP address of the caller, and more. These logs can be used for security analysis, resource change tracking, compliance auditing, and troubleshooting.
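To show how those fields map onto an auditor's who/when/what/where view, here is an added example (not from the original page or from AWS) that flattens CloudTrail records into audit rows. The sample log is constructed, the account IDs, ARNs and IP addresses are placeholders, and the function names are hypothetical.

```python
import json
from collections import Counter

# Constructed sample in the CloudTrail log-file layout (a "Records" array).
# Account IDs, ARNs and IP addresses are placeholders, not real values.
SAMPLE_LOG = json.dumps({"Records": [
    {"eventTime": "2024-01-15T10:02:11Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "StopInstances", "sourceIPAddress": "203.0.113.10",
     "userIdentity": {"type": "IAMUser", "userName": "alice",
                      "arn": "arn:aws:iam::111122223333:user/alice"}},
    {"eventTime": "2024-01-15T10:05:40Z", "eventSource": "s3.amazonaws.com",
     "eventName": "DeleteBucket", "sourceIPAddress": "198.51.100.7",
     "errorCode": "AccessDenied",
     "userIdentity": {"type": "AssumedRole",
                      "arn": "arn:aws:sts::111122223333:assumed-role/Audit/bob"}},
    {"eventTime": "2024-01-15T10:09:03Z", "eventSource": "kms.amazonaws.com",
     "eventName": "Decrypt", "sourceIPAddress": "ec2.amazonaws.com",
     "userIdentity": {"type": "AWSService", "invokedBy": "ec2.amazonaws.com"}},
]})


def caller(identity):
    """Return the most specific caller name present in userIdentity."""
    for key in ("arn", "userName", "invokedBy", "principalId"):
        if identity.get(key):
            return identity[key]
    return identity.get("type", "unknown")


def audit_rows(log_text):
    """Flatten CloudTrail records into who/when/service/action/IP rows."""
    rows = []
    for rec in json.loads(log_text).get("Records", []):
        rows.append({
            "when": rec.get("eventTime"),
            "who": caller(rec.get("userIdentity", {})),
            "service": rec.get("eventSource", "").split(".")[0],
            "action": rec.get("eventName"),
            "source_ip": rec.get("sourceIPAddress"),
            "outcome": rec.get("errorCode", "Success"),  # errorCode is absent on success
        })
    return sorted(rows, key=lambda r: r["when"] or "")


def denied_by_caller(rows):
    """Count denied API calls per caller, a common audit question."""
    return Counter(r["who"] for r in rows
                   if r["outcome"].endswith(("AccessDenied", "UnauthorizedOperation")))
```

Calls made by an AWS service on the account's behalf carry no ARN in `userIdentity`, which is why `caller` falls back to `invokedBy`.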
On the other hand, AWS CloudWatch logs are used to monitor, store, and access log files from various sources, including AWS services, custom applications, and other sources. AWS Trusted Advisor is a service that provides recommendations for optimizing resources, improving security, and saving costs based on AWS best practices. AWS Config is used to manage and audit the configuration of AWS resources and track changes to them over time.
Therefore, the correct answer to the given question is option D, AWS CloudTrail, as it is the only service that captures and records API-related activities.