What should a SysOps administrator do to meet these requirements in the MOST operationally efficient way?
Track the logging information by using AWS CloudTrail. Launch an AWS Lambda function for remediation.
Configure automatic remediation in AWS Config by using the s3-bucket-logging-enabled rule.
Configure AWS Trusted Advisor to monitor the logging configuration and to turn on access logging if necessary.
Track the logging information by using Amazon CloudWatch metrics. Launch an AWS Lambda function for remediation.
Explanations:
AWS CloudTrail records API calls but does not track the logging configuration of S3 buckets directly. It would require additional steps to monitor and remediate logging settings, making it less efficient than other solutions.
AWS Config provides a built-in rule (s3-bucket-logging-enabled) that automatically evaluates whether logging is enabled for S3 buckets. If a bucket is found without logging, AWS Config can trigger automatic remediation, making this solution highly operationally efficient.
AWS Trusted Advisor does not provide automatic remediation of settings such as S3 logging. It only gives recommendations for improvements, requiring manual intervention for remediation.
Amazon CloudWatch metrics do not monitor or track S3 bucket logging settings directly. While Lambda could be used for remediation, CloudWatch is not the ideal tool to monitor S3 logging configurations.