A security engineer is auditing a production system and discovers several additional IAM roles that are not required and were not previously documented during the last audit 90 days ago. The engineer is trying to find out who created these IAM roles and when they were created. The solution must have the lowest operational overhead.
Which solution will meet this requirement?
A. Import AWS CloudTrail logs from Amazon S3 into an Amazon Elasticsearch Service cluster, and search through the combined logs for CreateRole events.
B. Create a table in Amazon Athena for AWS CloudTrail events. Query the table in Amazon Athena for CreateRole events.
C. Use AWS Config to look up the configuration timeline for the additional IAM roles and view the linked AWS CloudTrail event.
D. Download the credentials report from the IAM console to view the details for each IAM entity, including the creation dates.
Answer: A