AWS Certified SysOps Administrator - Associate Exam: Identify Users Deleting Critical Vaults in Amazon S3 Glacier

Identifying Users Deleting Critical Vaults in Amazon S3 Glacier

Question

The operations team has observed that a few critical vaults have been deleted from Amazon S3 Glacier using the AWS CLI.

The head of operations is looking for details of the users who performed these operations.

They are seeking your help specifically to get the time of deletion and the source IP address. Which service can be used to get the required information?

Answers

Explanations


Correct Answer: B.

Amazon S3 Glacier is integrated with Amazon CloudTrail.

A CloudTrail trail can be created to log all events to an Amazon S3 bucket.

All API actions made on vaults in Amazon S3 Glacier, such as describing, deleting and creating vaults, are captured in these logs.

The logs include the time of the activity as well as details of the user who performed it, such as the account ID, user name and ARN.

Data events provide insight into data plane operations on resources, such as Amazon S3 object-level APIs and the Lambda function Invoke API.

For logging operations made on Amazon S3 Glacier vaults, data events are not required.

Option A is incorrect: a CloudTrail trail with data events is required for Amazon S3 to log object-level events.

It is not required to log actions made on vaults in Amazon S3 Glacier.

Option C is incorrect: an AWS Config rule cannot be used to get details of the changes made to Amazon S3 Glacier vaults.

Option D is incorrect: AWS Trusted Advisor cannot be used to get details of the changes made to Amazon S3 Glacier vaults.

For more information on Amazon CloudTrail logs for Amazon S3 Glacier, refer to the following URLs:

https://docs.aws.amazon.com/amazonglacier/latest/dev/audit-logging.html

https://aws.amazon.com/cloudtrail/faqs/

The service that can be used to get the required information about the users who deleted critical vaults from Amazon S3 Glacier using the AWS CLI is Amazon CloudTrail.

Amazon CloudTrail is a web service that records AWS API calls and events for your account and delivers log files to an Amazon S3 bucket. The logs can be used to perform security analysis, resource change tracking, and compliance auditing. CloudTrail provides visibility into user activity by recording API calls made on your account.

To get the time of deletion and source IP address of the users who performed the deletion of critical vaults, an Amazon CloudTrail trail can be created to log data events. A trail is a configuration that enables delivery of events as log files to an Amazon S3 bucket. A trail can be set up to capture a subset of management and data events in an AWS account. CloudTrail can record the source IP address of the API calls made to AWS services, which can be used to identify the user who performed the operation.

Option A is the correct answer because it specifically mentions creating a CloudTrail trail to log data events. Option B, on the other hand, suggests creating a trail to log all events which might not be necessary and could result in a large amount of log data. Option C, creating an AWS Config rule, is not relevant to the requirement of getting the time of deletion and source IP address. Option D, creating AWS Trusted Advisor checks, is also not relevant to the requirement of identifying the users who perform the deletion of critical vaults.
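As an added example (not part of the original question, and not AWS tooling), the following Python script shows how the details both explanations above describe (event time, user identity and source IP) are pulled out of a CloudTrail log delivery for Glacier DeleteVault calls. The log records are constructed samples; the field layout follows the CloudTrail record format, and the user names, IPs and vault names are invented.

```python
import json

# Constructed sample CloudTrail log delivery (not a real capture), in the
# {"Records": [...]} layout CloudTrail writes to the trail's S3 bucket.
# Glacier vault API calls are management events with eventSource
# "glacier.amazonaws.com"; accountId "-" means the caller's own account.
SAMPLE_LOG = json.dumps({"Records": [
    {"eventTime": "2023-05-01T10:15:30Z", "eventSource": "glacier.amazonaws.com",
     "eventName": "DescribeVault", "sourceIPAddress": "198.51.100.7",
     "userAgent": "aws-cli/2.11.0",
     "userIdentity": {"type": "IAMUser", "userName": "ops-reader",
                      "arn": "arn:aws:iam::123456789012:user/ops-reader"},
     "requestParameters": {"accountId": "-", "vaultName": "finance-archive"}},
    {"eventTime": "2023-05-01T11:02:44Z", "eventSource": "glacier.amazonaws.com",
     "eventName": "DeleteVault", "sourceIPAddress": "10.0.3.14",
     "userAgent": "Boto3/1.26.0",
     "userIdentity": {"type": "AssumedRole",
                      "arn": "arn:aws:sts::123456789012:assumed-role/deploy-role/ci",
                      "sessionContext": {"sessionIssuer": {"userName": "deploy-role"}}},
     "requestParameters": {"accountId": "-", "vaultName": "hr-archive"}},
    {"eventTime": "2023-05-01T10:17:02Z", "eventSource": "glacier.amazonaws.com",
     "eventName": "DeleteVault", "sourceIPAddress": "203.0.113.25",
     "userAgent": "aws-cli/2.11.0",
     "userIdentity": {"type": "IAMUser", "userName": "bob",
                      "arn": "arn:aws:iam::123456789012:user/bob"},
     "requestParameters": {"accountId": "-", "vaultName": "finance-archive"}},
]})


def find_vault_deletions(log_text, vault_names=None):
    """Return who deleted which Glacier vault, when, from which IP and how."""
    findings = []
    for rec in json.loads(log_text).get("Records", []):
        if (rec.get("eventSource") != "glacier.amazonaws.com"
                or rec.get("eventName") != "DeleteVault"):
            continue
        vault = rec.get("requestParameters", {}).get("vaultName")
        if vault_names and vault not in vault_names:  # restrict to critical vaults
            continue
        ident = rec.get("userIdentity", {})
        # IAM users carry userName directly; role sessions carry the role
        # name under sessionContext.sessionIssuer instead.
        user = ident.get("userName") or ident.get("sessionContext", {}).get(
            "sessionIssuer", {}).get("userName")
        findings.append({
            "time": rec["eventTime"], "vault": vault, "user": user,
            "principal_arn": ident.get("arn"),
            "source_ip": rec.get("sourceIPAddress"),
            "via_cli": rec.get("userAgent", "").startswith("aws-cli/"),
        })
    return sorted(findings, key=lambda f: f["time"])  # chronological order
```

Against a real trail, the same function is applied to each gzipped log file fetched from the trail's S3 bucket; the `via_cli` flag comes from the `userAgent` field and singles out the AWS CLI deletions the question asks about.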