For this purpose, the company plans to use AWS logging and save logs to Amazon S3How can a database specialist activate logging on the database?
Use AWS CloudTrail to monitor DynamoDB control-plane operations. Create a DynamoDB stream to monitor data-plane operations. Pass the stream to Amazon Kinesis Data Streams. Use that stream as a source for Amazon Kinesis Data Firehose to store the data in an Amazon S3 bucket.
Use AWS CloudTrail to monitor DynamoDB data-plane operations. Create a DynamoDB stream to monitor control-plane operations. Pass the stream to Amazon Kinesis Data Streams. Use that stream as a source for Amazon Kinesis Data Firehose to store the data in an Amazon S3 bucket.
Create two trails in AWS CloudTrail. Use Trail1 to monitor DynamoDB control-plane operations. Use Trail2 to monitor DynamoDB data-plane operations.
Use AWS CloudTrail to monitor DynamoDB data-plane and control-plane operations.
Explanations:
AWS CloudTrail captures control-plane and data-plane operations for DynamoDB directly. A DynamoDB stream is not required for logging to S3 in this scenario.
AWS CloudTrail handles both control-plane and data-plane logging for DynamoDB, without needing a DynamoDB stream for logging purposes.
AWS CloudTrail can monitor both control-plane and data-plane operations in a single trail; two separate trails are unnecessary for this purpose.
AWS CloudTrail can log both control-plane and data-plane operations for DynamoDB, fulfilling the logging requirement for audit purposes without extra configurations.
As I understand it, the answer is:
Use AWS CloudTrail to monitor DynamoDB data-plane and control-plane operations.