Answer-first summary for fast verification
Answer: Use the s3-bucket-logging-enabled AWS Config managed rule. Add a remediation action that uses the AWS-ConfigureS3BucketLogging AWS Systems Manager Automation runbook to enable logging.
AWS Config managed rules evaluate whether your AWS resources comply with your desired configurations. The `s3-bucket-logging-enabled` managed rule specifically checks if logging is enabled for your S3 buckets. Using an AWS Systems Manager (SSM) Automation runbook (`AWS-ConfigureS3BucketLogging`) for remediation is the most operationally efficient method as it uses an out-of-the-box AWS managed solution without the need to write and maintain custom code (like an AWS Lambda function).
Author: Ritesh Yadav
Ultimate access to all questions.
Question #19
A CloudOps engineer must ensure that all of a company's current and future Amazon S3 buckets have logging enabled. If an S3 bucket does not have logging enabled, an automated process must enable logging for the S3 bucket.
Which solution will meet these requirements?
A
Use AWS Trusted Advisor to perform a check for S3 buckets that do not have logging enabled. Configure the check to enable logging for S3 buckets that do not have logging enabled.
B
Configure an S3 bucket policy that requires all current and future S3 buckets to have logging enabled.
C
Use the s3-bucket-logging-enabled AWS Config managed rule. Add a remediation action that uses an AWS Lambda function to enable logging.
D
Use the s3-bucket-logging-enabled AWS Config managed rule. Add a remediation action that uses the AWS-ConfigureS3BucketLogging AWS Systems Manager Automation runbook to enable logging.
No comments yet.