Member, August 14, 2023 at 9:52 pm
Hello, there is a question that asks:
A multinational investment bank is implementing regulatory compliance checks over their AWS accounts. All API calls made on each of their AWS resources across their accounts must be monitored and tracked for auditing purposes. AWS CloudTrail will be used to monitor all API activities and detect sensitive security issues in the company’s AWS accounts. The DevOps Team was assigned to come up with a solution to remediate CloudTrail from being disabled on some AWS accounts automatically.
As a DevOps Engineer, what solution should you apply that provides the LEAST amount of downtime for the CloudTrail log deliveries?
The provided answer in the exam is:
cloudtrail-enabled AWS Config managed rule with a periodic interval of 1 hour to evaluate whether your AWS account enabled AWS CloudTrail. Set up a CloudWatch Events rule for AWS Config rules compliance change. Launch a Lambda function that uses the AWS SDK and add the Amazon Resource Name (ARN) of the Lambda function as the target in the CloudWatch Events rule. Once a StopLogging event is detected, the Lambda function will re-enable the logging for that trail by calling the StartLogging API on the resource ARN.
However, this is incorrect. The answer is actually:
cloudtrail-enabled AWS Config managed rule to evaluate whether the AWS account enabled AWS CloudTrail with a trigger type of Configuration changes. By default, this managed rule will automatically remediate the accounts that disabled their CloudTrail.
Please see for reference:
“To ensure that CloudTrail remains enabled in your account, AWS Config provides the cloudtrail-enabled managed rule. If CloudTrail is turned off, the cloudtrail-enabled rule automatically re-enables it by using automatic remediation.”
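The remediation path both answers in the post describe (detect that a trail has stopped logging, then call StartLogging on it), as an added example that is not part of the original post and is not AWS-provided code. It handles both triggers mentioned in the thread: an AWS Config compliance-change event for cloudtrail-enabled, which is account-scoped and so carries no trail name (the handler has to enumerate the trails and check each one's status), and a CloudTrail StopLogging API-call event delivered through EventBridge, which does name the trail. The CloudTrail client is injected so the logic can be exercised offline against a constructed fake; the event payloads, trail ARNs and account id are made up.

```python
"""Re-enable CloudTrail logging after a trail is stopped (added example, not AWS code).

The client is injected so this runs offline against FakeCloudTrail below;
in a real Lambda pass boto3.client("cloudtrail") (assumed available there).
"""
from __future__ import annotations
from typing import Any

RULE_NAME = "cloudtrail-enabled"   # AWS Config managed rule the thread discusses


def trails_to_restart(event: dict[str, Any], cloudtrail: Any) -> list[str]:
    """Return the trail names/ARNs that this event says should be re-enabled."""
    detail = event.get("detail", {})
    detail_type = event.get("detail-type", "")

    # Case 1: AWS Config compliance change. cloudtrail-enabled evaluates the
    # whole account (resource type AWS::::Account), so the event does not say
    # which trail stopped: list every trail and check its logging status.
    if detail_type == "Config Rules Compliance Change":
        if detail.get("configRuleName") != RULE_NAME:
            return []
        if detail.get("newEvaluationResult", {}).get("complianceType") != "NON_COMPLIANT":
            return []
        stopped = []
        for trail in cloudtrail.describe_trails().get("trailList", []):
            arn = trail["TrailARN"]
            if not cloudtrail.get_trail_status(Name=arn)["IsLogging"]:
                stopped.append(arn)
        return stopped

    # Case 2: the StopLogging management event itself ("AWS API Call via
    # CloudTrail"); requestParameters.name is the trail that was stopped.
    if detail.get("eventName") == "StopLogging":
        name = detail.get("requestParameters", {}).get("name")
        return [name] if name else []

    return []


def handler(event: dict[str, Any], context: Any = None, cloudtrail: Any = None) -> dict[str, Any]:
    """Lambda entry point: call StartLogging on every trail the event identifies."""
    if cloudtrail is None:
        import boto3  # real deployment only; assumption: boto3 is present in Lambda
        cloudtrail = boto3.client("cloudtrail")
    restarted = []
    for name in trails_to_restart(event, cloudtrail):
        cloudtrail.start_logging(Name=name)
        restarted.append(name)
    return {"restarted": restarted}


class FakeCloudTrail:
    """Constructed stand-in for boto3's CloudTrail client (same method names/shapes)."""

    def __init__(self, trails: dict[str, bool]):
        self.logging = dict(trails)      # trail ARN -> IsLogging
        self.calls: list[str] = []       # StartLogging calls made, in order

    def describe_trails(self):
        return {"trailList": [{"TrailARN": arn} for arn in self.logging]}

    def get_trail_status(self, Name):
        return {"IsLogging": self.logging[Name]}

    def start_logging(self, Name):
        self.calls.append(Name)
        self.logging[Name] = True
        return {}


# Constructed sample events: the envelope mirrors EventBridge, the values are made up.
AUDIT_TRAIL = "arn:aws:cloudtrail:us-east-1:111122223333:trail/audit"
OPS_TRAIL = "arn:aws:cloudtrail:us-east-1:111122223333:trail/ops"

CONFIG_EVENT = {
    "detail-type": "Config Rules Compliance Change",
    "detail": {
        "configRuleName": RULE_NAME,
        "resourceType": "AWS::::Account",
        "newEvaluationResult": {"complianceType": "NON_COMPLIANT"},
    },
}

STOP_LOGGING_EVENT = {
    "detail-type": "AWS API Call via CloudTrail",
    "detail": {
        "eventSource": "cloudtrail.amazonaws.com",
        "eventName": "StopLogging",
        "requestParameters": {"name": AUDIT_TRAIL},
    },
}


def demo() -> dict[str, Any]:
    """Run both events against the fake client; only the stopped trail is restarted."""
    fake = FakeCloudTrail({AUDIT_TRAIL: False, OPS_TRAIL: True})
    first = handler(CONFIG_EVENT, cloudtrail=fake)
    fake.logging[AUDIT_TRAIL] = False          # simulate a second StopLogging
    second = handler(STOP_LOGGING_EVENT, cloudtrail=fake)
    return {"config": first, "api_call": second, "calls": fake.calls}


if __name__ == "__main__":
    print(demo())
```

For a real deployment the function's role needs cloudtrail:DescribeTrails, cloudtrail:GetTrailStatus and cloudtrail:StartLogging, and nothing more; the handler deliberately ignores Config events for other rules and compliance types other than NON_COMPLIANT so a misrouted event cannot trigger API calls.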