As part of a recent project, a development team activated and set up AWS CloudTrail to monitor all Amazon S3 buckets involved in the project. The project manager, who has ownership of all the S3 buckets, observed that he was not receiving object-level API access logs when the data was accessed by a different AWS account.
What could explain this behavior/error?
Explanation:
The bucket owner also needs to be the object owner to get the object access logs
If the bucket owner is also the object owner, the bucket owner gets the object access logs. Otherwise, the bucket owner must get permissions, through the object ACL, for the same object API to get the same object-access API logs.
Incorrect options:
CloudTrail always delivers object-level API access logs to the requester and not to the object owner - CloudTrail always delivers object-level API access logs to the requester. In addition, CloudTrail also delivers the same logs to the bucket owner only if the bucket owner has permissions for the same API actions on that object.
CloudTrail needs to be configured on both the AWS accounts for receiving the access logs in cross-account access
The meta-data of the bucket is in an invalid state and needs to be corrected by the bucket owner from AWS console to fix the issue
These two options are incorrect and are given only as distractors.