Your CTO has asked you to make sure that you know what all users of your AWS account are doing to change resources
at all times. She wants a report of who is doing what over time, reported to her once per week, for as broad a resource
type group as possible. How should you do this?

Create a global AWS CloudTrail Trail. Configure a script to aggregate the log data delivered to S3 once per week and deliver this to

Use CloudWatch Events Rules with an SNS topic subscribed to all AWS API calls. Subscribe the CTO to an email type delivery on this SNS Topic.

Use AWS IAM credential reports to deliver a CSV of all uses of IAM User Tokens over time to the CTO.

Use AWS Config with an SNS subscription on a Lambda, and insert these changes over time into a DynamoDB table. Generate reports based on the contents of this table.

This is the ideal use case for AWS CloudTrail. CloudTrail provides visibility into user activity by recording API calls made
on your account. CloudTrail records important information about each API call, including the name of the API, the identity
of the caller, the time of the API call, the request parameters, and the response elements returned by the AWS service.
This information helps you to track changes made to your AWS resources and to troubleshoot operational issues.
CloudTrail makes it easier to ensure compliance with internal policies and regulatory standards.