AWS Certified Cloud Practitioner Exam: Services for Tracking AWS Resource Requests

Log of AWS Resource Requests: Services to Assist External Audits

Question

There is an external audit being carried out on your company.

The IT auditor needs to have a log of 'who made the requests' to the AWS resources in the company's account.

Which of the below services can assist in providing these details?

Answers

Explanations


A. B. C. D.

Answer - B.

Using CloudTrail, one can monitor all the API activity conducted on all AWS services.

The AWS Documentation additionally mentions the following.

AWS CloudTrail is a service that enables governance, compliance, operational auditing, and risk auditing of your AWS account.

With CloudTrail, you can log, continuously monitor, and retain account activity related to actions across your AWS infrastructure.

CloudTrail provides event history of your AWS account activity, including actions taken through the AWS Management Console, AWS SDKs, command line tools, and other AWS services.

This event history simplifies security analysis, resource change tracking, and troubleshooting.

For more information on AWS CloudTrail, please refer to the URL below:

https://aws.amazon.com/cloudtrail/

The service that can assist in providing the required information is AWS CloudTrail.

AWS CloudTrail is a web service that records all API calls made in an AWS account, including who made the call, the services that were used, and the time of the call. CloudTrail provides visibility into user activity and resource changes in an AWS account. CloudTrail logs are used to track changes made to resources, to troubleshoot operational issues, and to provide compliance support.

In this case, the IT auditor needs to have a log of who made the requests to the AWS resources in the company's account. CloudTrail can provide this information by logging all API calls made in the account, including those made to AWS resources. The logs can be used to identify who made the requests, when the requests were made, and which resources were accessed.
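As an added illustration (not part of the original page), the sketch below turns a CloudTrail log file into the "who made the requests" listing an auditor would ask for. The sample records, account ID and names are constructed; the field names follow the CloudTrail record format, where the location of the caller's name depends on `userIdentity.type`.

```python
import json
from collections import defaultdict

# Constructed sample in the CloudTrail log-file layout (top-level "Records" array).
SAMPLE_LOG = json.dumps({"Records": [
    {"eventTime": "2024-03-01T09:15:02Z", "eventSource": "s3.amazonaws.com",
     "eventName": "PutBucketPolicy", "sourceIPAddress": "203.0.113.10",
     "userIdentity": {"type": "IAMUser", "userName": "alice",
                      "arn": "arn:aws:iam::111122223333:user/alice"}},
    {"eventTime": "2024-03-01T09:20:41Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "TerminateInstances", "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"type": "AssumedRole",
                      "arn": "arn:aws:sts::111122223333:assumed-role/DeployRole/bob-session",
                      "sessionContext": {"sessionIssuer": {"userName": "DeployRole"}}}},
    {"eventTime": "2024-03-01T10:02:13Z", "eventSource": "iam.amazonaws.com",
     "eventName": "CreateAccessKey", "sourceIPAddress": "203.0.113.10",
     "userIdentity": {"type": "Root", "arn": "arn:aws:iam::111122223333:root"}},
    {"eventTime": "2024-03-01T10:05:00Z", "eventSource": "kms.amazonaws.com",
     "eventName": "Decrypt", "sourceIPAddress": "ec2.amazonaws.com",
     "userIdentity": {"type": "AWSService", "invokedBy": "ec2.amazonaws.com"}},
]})

def principal(identity):
    """Resolve 'who' from userIdentity; the field that holds it depends on type."""
    kind = identity.get("type", "Unknown")
    if kind == "IAMUser":
        return "user/" + identity.get("userName", "?")
    if kind == "AssumedRole":
        issuer = identity.get("sessionContext", {}).get("sessionIssuer", {})
        session = identity.get("arn", "").rsplit("/", 1)[-1]  # role session name
        return f"role/{issuer.get('userName', '?')}/{session}"
    if kind == "Root":
        return "root"
    if kind == "AWSService":
        return "service/" + identity.get("invokedBy", "?")
    return identity.get("arn") or identity.get("principalId") or kind

def who_did_what(log_text):
    """Return {principal: [(time, service, action, source_ip), ...]}, oldest first."""
    report = defaultdict(list)
    for rec in json.loads(log_text).get("Records", []):
        report[principal(rec.get("userIdentity", {}))].append(
            (rec.get("eventTime"), rec.get("eventSource"),
             rec.get("eventName"), rec.get("sourceIPAddress")))
    return {who: sorted(ev, key=lambda e: e[0] or "") for who, ev in report.items()}

if __name__ == "__main__":
    for who, events in who_did_what(SAMPLE_LOG).items():
        for when, service, action, ip in events:
            print(f"{when}  {who:30}  {service}:{action}  from {ip}")
```

For assumed roles the session name is kept alongside the role name, because the role alone does not say which person or workload was behind the call.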

AWS CloudWatch is a monitoring service for AWS resources and applications, and it can provide metrics and logs for those resources. However, it does not log API calls like CloudTrail does.

AWS EC2 is a virtual machine service and AWS SNS is a notification service, and neither of these services is designed to log API calls.

Therefore, the correct answer is B. AWS CloudTrail.