A company has a set of resources defined in AWS. It is mandated that all API calls to the resources be monitored. Also all API calls must be stored for lookup purposes. Any log data greater than 6 months must be archived.
Which of the following meets these requirements? Choose 2 answers from the options given below. Each answer forms part of the solution.
A . Enable CloudTrail logging in all accounts into S3 buckets
B . Enable CloudTrail logging in all accounts into Amazon Glacier
C . Ensure a lifecycle policy is defined on the S3 bucket to move the data to EBS volumes after 6 months.
D . Ensure a lifecycle policy is defined on the S3 bucket to move the data to Amazon Glacier after 6 months.
Answer: A,D
Explanation:
Cloudtrail publishes the trail of API logs to an S3 bucket
Option B is invalid because you cannot put the logs into Glacier from CloudTrail
Option C is invalid because lifecycle policies cannot be used to move data to EBS volumes For more information on Cloudtrail logging, please visit the below URL: https://docs.aws.amazon.com/awscloudtrail/latest/usereuide/cloudtrail-find-log-files.htmll You can then use Lifecycle policies to transfer data to Amazon Glacier after 6 months For more information on S3 lifecycle policies, please visit the below URL: https://docs.aws.amazon.com/AmazonS3/latest/dev/object-lifecycle-mgmt.html
The correct answers are: Enable CloudTrail logging in all accounts into S3 buckets. Ensure a lifecycle policy is defined on the bucket to move the data to Amazon Glacier after 6 months.
Submit your Feedback/Queries to our Experts