Configuring AWS CloudTrail to Capture API Calls for Modifying Files in an Amazon S3 Bucket | SOA-C02 Exam Question

Capture API Calls for Modifying Files in an Amazon S3 Bucket

Question

A global engineering firm stores project-related sensitive data files in the Amazon S3 bucket in the us-west-1 region.

The Security Head wants details of the API calls made to modify files in this bucket. What additional configuration can be done in AWS CloudTrail to capture these details?

Answers

Explanations


A. Enable read and write management events.
B. Enable write management events.
C. Enable Data events for trails in AWS CloudTrail.
D. Enable Insight events.

Correct Answer: C.

CloudTrail trails can be configured to log data events, which provide visibility into operations performed on or within a resource.

These events capture Amazon S3 object-level API calls like GetObject, DeleteObject, and PutObject.

Data events are not enabled by default and need to be explicitly enabled.

There are additional charges for capturing these events.

Options A and B are incorrect because management events capture only management-level operations performed on a resource (for example, on the bucket itself).

These events do not capture API calls made to objects within an Amazon S3 bucket.

Option D is incorrect because Insights events only flag unusual activity in write management events; they do not record the individual object-level API calls.

For more information on logging data events with AWS CloudTrail, refer to the following URLs:

https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-data-events-with-cloudtrail.html
https://aws.amazon.com/blogs/mt/aws-cloudtrail-best-practices/

The correct answer is C. Enable Data events for trails in AWS CloudTrail.

AWS CloudTrail is a service that records and monitors API activity within an AWS account. CloudTrail logs are used to track API usage and to identify security and compliance issues. To capture the details of the API calls made to modify files in the Amazon S3 bucket in the us-west-1 region, Data events should be enabled for trails in AWS CloudTrail.

Data events capture all API activity related to object-level operations in Amazon S3 buckets, including object-level API calls such as GET, PUT, DELETE, and LIST operations. Data events also capture the details of the user who made the API call, the time of the call, and the source IP address from which the call originated.

In contrast, enabling read and write management events (option A) captures management-level API calls, such as creating and deleting S3 buckets, but not object-level operations. Enabling write management events (option B) captures only write-level management API calls, such as creating or deleting an object in an S3 bucket, but not read operations. Enabling Insight events (option D) does not capture the details of the API calls themselves but rather provides insight into account activity patterns and anomalous behavior.

Therefore, option C (Enable Data events for trails in AWS CloudTrail) is the correct answer as it captures all API activity related to object-level operations, including the modification of files in the S3 bucket in the us-west-1 region.
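The two explanations above describe the configuration (enable data events, scoped to the bucket) and the evidence it produces (object-level records with eventName, caller, time and source IP). The following worked example, added here and not part of the original exam page, shows both sides: it builds the advanced event selectors that `aws cloudtrail put-event-selectors` expects for a single bucket, and it filters a constructed CloudTrail log file down to the calls that actually modified objects. The trail name, bucket name, account id, principal and object keys are placeholders made up for the example; the field names and event names are the ones CloudTrail documents.

```python
"""Added example: scope CloudTrail S3 data events to one bucket and extract
the object-modifying calls from the resulting log records.

Trail/bucket/account/key values below are constructed placeholders."""
import json

TRAIL_NAME = "example-trail"            # placeholder
BUCKET_NAME = "example-project-data"    # placeholder

# Object-level (data) events that change bucket contents. GetObject is also a
# data event but is read-only, so it is deliberately not in this set.
WRITE_DATA_EVENTS = {"PutObject", "DeleteObject", "DeleteObjects", "CopyObject",
                     "CompleteMultipartUpload"}


def s3_data_event_selectors(bucket: str, write_only: bool = False) -> list:
    """Advanced event selectors that log data events for exactly one bucket.

    The return value is what `aws cloudtrail put-event-selectors
    --trail-name <trail> --advanced-event-selectors file://sel.json` consumes.
    Scoping with resources.ARN keeps cost down: without it every bucket in the
    account would be logged, and data events are billed per event."""
    field_selectors = [
        {"Field": "eventCategory", "Equals": ["Data"]},
        {"Field": "resources.type", "Equals": ["AWS::S3::Object"]},
        {"Field": "resources.ARN", "StartsWith": [f"arn:aws:s3:::{bucket}/"]},
    ]
    if write_only:
        # Record only calls that modify objects (the question's requirement).
        field_selectors.append({"Field": "readOnly", "Equals": ["false"]})
    return [{"Name": f"S3 data events for {bucket}",
             "FieldSelectors": field_selectors}]


def object_modifications(log_file: dict, bucket: str) -> list:
    """Return one summary dict per data event that modified an object in
    `bucket`; management events and read-only calls are skipped."""
    hits = []
    for rec in log_file.get("Records", []):
        if rec.get("eventSource") != "s3.amazonaws.com":
            continue
        if rec.get("managementEvent", True):     # bucket-level call, not object-level
            continue
        if rec.get("eventName") not in WRITE_DATA_EVENTS:
            continue
        params = rec.get("requestParameters") or {}
        if params.get("bucketName") != bucket:
            continue
        hits.append({
            "eventTime": rec["eventTime"],
            "eventName": rec["eventName"],
            "key": params.get("key"),
            "principal": rec.get("userIdentity", {}).get("arn"),
            "sourceIPAddress": rec.get("sourceIPAddress"),
        })
    return hits


def _rec(name, bucket, key=None, management=False, read_only=False):
    """Build a constructed CloudTrail record with the fields the filter uses."""
    return {
        "eventVersion": "1.08", "eventTime": "2024-01-15T10:00:00Z",
        "eventSource": "s3.amazonaws.com", "eventName": name,
        "awsRegion": "us-west-1", "sourceIPAddress": "203.0.113.10",
        "userIdentity": {"type": "IAMUser",
                         "arn": "arn:aws:iam::111122223333:user/example-user"},
        "requestParameters": {"bucketName": bucket, **({"key": key} if key else {})},
        "readOnly": read_only, "managementEvent": management,
        "eventCategory": "Management" if management else "Data",
    }


# Constructed sample log file: one modification of the target bucket, one read,
# one write to a different bucket, and one management event.
SAMPLE_LOG = {"Records": [
    _rec("PutObject", BUCKET_NAME, "designs/bridge-v2.dwg"),
    _rec("GetObject", BUCKET_NAME, "designs/bridge-v1.dwg", read_only=True),
    _rec("DeleteObject", "some-other-bucket", "tmp/scratch.bin"),
    _rec("CreateBucket", BUCKET_NAME, management=True),
]}

if __name__ == "__main__":
    print(json.dumps(s3_data_event_selectors(BUCKET_NAME, write_only=True), indent=2))
    for hit in object_modifications(SAMPLE_LOG, BUCKET_NAME):
        print(hit)
```

Write the selector output to a file and pass it with `--advanced-event-selectors file://sel.json` to `aws cloudtrail put-event-selectors --trail-name example-trail`; the filter function can then be run over the gzipped JSON files the trail delivers to its S3 bucket. Only the PutObject record is reported from the sample: GetObject is read-only, the DeleteObject targets another bucket, and CreateBucket is a management event that a data-event selector would not match in the first place.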