You have a high security requirement for your AWS accounts. What is the most rapid and sophisticated setup you can use to react to AWS API calls to your account?

A. Subscription to AWS Config via an SNS Topic. Use a Lambda Function to perform in-flight analysis and reactivity to changes as they occur.

B. Global AWS CloudTrail setup delivering to S3 with an SNS subscription to the delivery notifications, pushing into a Lambda, which inserts records into an ELK stack for analysis.

C. Use a CloudWatch Rule ScheduleExpression to periodically analyze IAM credential logs. Push the deltas for events into an ELK stack and perform ad-hoc analysis there.

D. CloudWatch Events Rules which trigger based on all AWS API calls, submitting all events to an AWS Kinesis Stream for arbitrary downstream analysis.

Explanation:
CloudWatch Events lets you subscribe to AWS API calls and direct those events into Kinesis Streams. This gives a unified, near real-time stream of all API calls, which can be analyzed downstream with any tool(s) of your choosing.
http://docs.aws.amazon.com/AmazonCloudWatch/latest/DeveloperGuide/EventTypes.html#api_event_type