Which solution will meet these requirements?
Create an AWS CloudTrail trail in each account. Specify CloudTrail management events for the trail. Configure CloudTrail to send the events to Amazon CloudWatch Logs. Configure CloudWatch cross-account observability. Query the data in CloudWatch Logs Insights.
Use a delegated administrator account to create an AWS CloudTrail Lake data store. Specify CloudTrail management events for the data store. Enable the data store for all accounts in the organization. Query the data in CloudTrail Lake.
Use a delegated administrator account to create an AWS CloudTrail trail. Specify CloudTrail management events for the trail. Enable the trail for all accounts in the organization. Keep all other settings as default. Query the CloudTrail data from the CloudTrail event history page.
Use AWS CloudFormation StackSets to deploy AWS CloudTrail Lake data stores in each account. Specify CloudTrail management events for the data stores. Keep all other settings as default. Query the data in CloudTrail Lake.
Explanations:
This option describes creating a CloudTrail trail in each account and sending logs to CloudWatch Logs for cross-account observability. However, querying data from CloudWatch Logs Insights is not optimal for account activity and lacks centralized management of CloudTrail logs, making it less efficient compared to other options.
This option suggests using a delegated administrator account to create a CloudTrail Lake data store, which allows for centralized storage and querying of CloudTrail logs across all accounts in the organization. It specifically mentions enabling the data store for all accounts and the ability to query using SQL, meeting the company’s requirements effectively.
This option involves creating a CloudTrail trail that records management events across all accounts. However, while it allows for monitoring of account activity, querying directly from the CloudTrail event history page does not provide the SQL querying capability needed for centralized analysis, making it less suitable.
This option involves deploying CloudTrail Lake data stores in each account using AWS CloudFormation StackSets. While it mentions management events and CloudTrail Lake, the approach of deploying multiple data stores defeats the purpose of centralizing logs for efficient querying. Centralization in a single data store is more effective than multiple deployments.