
Explanation:
AWS Config allows you to monitor the configuration of your AWS resources. The managed rule s3-bucket-logging-enabled checks if logging is enabled for your S3 buckets. By adding a remediation action using the AWS Systems Manager (SSM) Automation runbook AWS-ConfigureS3BucketLogging, you can automatically fix non-compliant buckets by enabling the logging feature. This provides a native, low-maintenance way to enforce compliance across both existing and future buckets.
Question 28
A SysOps administrator must ensure that all of a company's current and future Amazon S3 buckets have logging enabled. If an S3 bucket does not have logging enabled, an automated process must enable logging for the S3 bucket.
Which solution will meet these requirements?
A. Use AWS Trusted Advisor to perform a check for S3 buckets that do not have logging enabled. Configure the check to enable logging for S3 buckets that do not have logging enabled.
B. Configure an S3 bucket policy that requires all current and future S3 buckets to have logging enabled.
C. Use the s3-bucket-logging-enabled AWS Config managed rule. Add a remediation action that uses an AWS Lambda function to enable logging.
D. Use the s3-bucket-logging-enabled AWS Config managed rule. Add a remediation action that uses the AWS-ConfigureS3BucketLogging AWS Systems Manager Automation runbook to enable logging.
E. None of the above
F. None of the above