AWS Certified Solutions Architect - Professional
Get started today
Ultimate access to all questions.
Ultimate access to all questions.
A financial services company offers a software-as-a-service (SaaS) platform for application compliance to large global banks. This SaaS platform operates on AWS and utilizes multiple AWS accounts managed within an AWS Organizations setup. The platform leverages numerous AWS resources across various regions. To comply with regulatory standards, all API calls made to these AWS resources must be audited, tracked for any modifications, and securely stored in a durable data repository. What is the most efficient solution that minimizes operational overhead while fulfilling these compliance requirements?
Explanation:
The correct answer is C. This option recommends creating a new AWS CloudTrail trail in the organization's management account and using a new Amazon S3 bucket with versioning enabled for log storage. This setup ensures that all API calls across the organization are audited and securely stored in a single, version-controlled S3 bucket. Additionally, it minimizes operational overhead by centralizing log storage and management. Enabling MFA delete and encryption on the S3 bucket further enhances the security and durability of the logs. Option A uses an existing S3 bucket, which is not as secure as creating a new dedicated bucket. Option B requires creating multiple trails and buckets across accounts, increasing operational overhead. Option D suggests using SNS for external management, adding unnecessary complexity without providing additional compliance benefits.