Answer: AWS CloudTrail, Amazon S3 Intelligent-Tiering

## Explanation **AWS CloudTrail** is the correct service for logging API requests to Amazon Bedrock because: - CloudTrail is AWS's service for logging API calls and events across AWS services - It captures detailed information about API requests made to Amazon Bedrock, including who made the request, when it was made, and what actions were performed - CloudTrail logs can be delivered to Amazon S3 for long-term storage **Amazon S3 Intelligent-Tiering** is the correct storage class for cost-effective 5-year retention because: - S3 Intelligent-Tiering automatically moves objects between two access tiers (frequent and infrequent access) based on changing access patterns - For long-term storage (5 years), most logs will be accessed infrequently, making Intelligent-Tiering more cost-effective than S3 Standard - It provides the lowest possible cost while maintaining durability and availability - The storage class is designed for data with unknown or changing access patterns **Why not the other options:** - **Amazon CloudWatch (B)**: While CloudWatch can monitor and log metrics, it's not specifically designed for comprehensive API request logging like CloudTrail - **AWS Audit Manager (C)**: This service helps automate compliance assessments, not API request logging - **Amazon S3 Standard (E)**: While it could store the logs, it's more expensive than Intelligent-Tiering for long-term storage where data access is infrequent **Key Points:** 1. CloudTrail is the standard AWS service for API call logging 2. S3 Intelligent-Tiering optimizes costs by automatically moving data to the most cost-effective access tier 3. For 5-year retention with infrequent access, Intelligent-Tiering provides better cost optimization than S3 Standard

Author: Ritesh Yadav