How should a Security Engineer resolve these issues?
Create an Amazon S3 lifecycle policy that archives AWS CloudTrail trail logs to Amazon S3 Glacier after 90 days. Configure Amazon Inspector to provide a notification when a policy change is made to resources.
Configure AWS Artifact to archive AWS CloudTrail logs. Configure AWS Trusted Advisor to provide a notification when a policy change is made to resources.
Configure Amazon CloudWatch to export log groups to Amazon S3. Configure AWS CloudTrail to provide a notification when a policy change is made to resources.
Create an AWS CloudTrail trail that stores audit logs in Amazon S3. Configure an AWS Config rule to provide a notification when a policy change is made to resources.
Explanations:
While archiving logs to Amazon S3 Glacier after 90 days extends log retention, it does not solve the immediate issue of unauthorized IAM policy changes, nor does it ensure the logs are available for compliance review. Amazon Inspector is a vulnerability assessment service, not a tool for detecting IAM policy changes; AWS Config is the appropriate service for that purpose.
AWS Artifact is a service for managing compliance reports and does not archive AWS CloudTrail logs. AWS Trusted Advisor provides recommendations but does not monitor or notify about IAM policy changes directly. This option does not address log retention or unauthorized changes effectively.
Amazon CloudWatch can export log groups to S3, but it does not extend the retention of CloudTrail logs beyond the default 90-day event history on its own. Moreover, CloudWatch does not directly monitor IAM policy changes; it requires integration with AWS Config for that functionality. Thus, this option does not fully address the requirements.
This option effectively addresses both issues: a CloudTrail trail delivers audit logs to an S3 bucket, where they are retained for as long as the bucket's policy allows, ensuring audit logs are kept beyond 90 days. An AWS Config rule evaluates resources as their configuration changes and can send a notification when an unauthorized IAM policy change occurs, thereby supporting both compliance and security.
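As an added illustration of the AWS Config half of the correct answer (this is example code, not part of the original question or any AWS sample), the following Python Lambda handler is the shape of a custom Config rule that runs on every configuration change to an IAM managed policy and marks the policy NON_COMPLIANT when the new default version grants broad permissions. Config publishes compliance changes through its SNS topic and EventBridge, which is where the notification comes from. The sample configuration item and the set of high-risk actions are constructed for this example; the assumption that Config stores IAM policy documents URL-encoded is noted in the code.

```python
"""Custom AWS Config rule (Python Lambda) for IAM managed-policy changes.

Added example: the evaluation functions are pure so they can be run and tested
offline; only lambda_handler touches the AWS SDK.
"""
import json
from typing import Any, Dict, List
from urllib.parse import quote, unquote

# Actions whose presence in an Allow statement we treat as a high-risk change.
# This set is an assumption for the example, not an AWS-published list.
HIGH_RISK_ACTIONS = {"*", "iam:*", "iam:passrole", "iam:createaccesskey"}


def _as_list(value: Any) -> List[Any]:
    """IAM allows Statement/Action/Resource to be a single value or a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def evaluate_policy_document(document: Dict[str, Any]) -> List[str]:
    """Return human-readable findings; an empty list means no broad grants."""
    findings: List[str] = []
    for stmt in _as_list(document.get("Statement")):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements never widen access
        if "NotAction" in stmt:
            findings.append("Allow statement uses NotAction (implicitly broad)")
        resources = _as_list(stmt.get("Resource"))
        for action in (a.lower() for a in _as_list(stmt.get("Action"))):
            if action in HIGH_RISK_ACTIONS:
                scope = "on all resources" if "*" in resources else "on scoped resources"
                findings.append(f"Allow {action} {scope}")
    return findings


def _policy_document_from_item(item: Dict[str, Any]) -> Dict[str, Any]:
    """Extract the default-version document from an AWS::IAM::Policy item.

    Assumption: Config records the document URL-encoded, so decode before parsing.
    """
    for version in item["configuration"].get("policyVersionList", []):
        if version.get("isDefaultVersion"):
            raw = version["document"]
            return json.loads(unquote(raw)) if isinstance(raw, str) else raw
    raise ValueError("no default policy version in configuration item")


def evaluate_configuration_item(item: Dict[str, Any]) -> Dict[str, Any]:
    """Build the one-resource evaluation record that PutEvaluations expects."""
    status = item.get("configurationItemStatus")
    if status in ("ResourceDeleted", "ResourceDeletedNotRecorded"):
        compliance, annotation = "NOT_APPLICABLE", "resource deleted"
    elif item.get("resourceType") != "AWS::IAM::Policy":
        compliance, annotation = "NOT_APPLICABLE", "rule only evaluates AWS::IAM::Policy"
    else:
        findings = evaluate_policy_document(_policy_document_from_item(item))
        compliance = "NON_COMPLIANT" if findings else "COMPLIANT"
        # Annotation is limited to 256 characters by the Config API.
        annotation = ("; ".join(findings) or "no broad grants found")[:256]
    return {
        "ComplianceResourceType": item["resourceType"],
        "ComplianceResourceId": item["resourceId"],
        "ComplianceType": compliance,
        "Annotation": annotation,
        "OrderingTimestamp": item["configurationItemCaptureTime"],
    }


def lambda_handler(event: Dict[str, Any], context: Any) -> Dict[str, Any]:
    """Entry point when Config invokes the rule on a configuration change."""
    invoking = json.loads(event["invokingEvent"])
    evaluation = evaluate_configuration_item(invoking["configurationItem"])
    import boto3  # imported here so the pure functions above run without the SDK
    boto3.client("config").put_evaluations(
        Evaluations=[evaluation], ResultToken=event["resultToken"]
    )
    return evaluation


# Constructed sample item: a policy whose new default version adds iam:* on "*".
# Resource id and timestamp are placeholders, not values from any real account.
SAMPLE_ITEM: Dict[str, Any] = {
    "resourceType": "AWS::IAM::Policy",
    "resourceId": "ANPAEXAMPLEPOLICYID000",
    "configurationItemStatus": "OK",
    "configurationItemCaptureTime": "2024-01-01T00:00:00.000Z",
    "configuration": {
        "policyVersionList": [
            {"isDefaultVersion": False, "document": quote(json.dumps({
                "Version": "2012-10-17",
                "Statement": [{"Effect": "Allow", "Action": "s3:ListBucket",
                               "Resource": "arn:aws:s3:::example-bucket"}]}))},
            {"isDefaultVersion": True, "document": quote(json.dumps({
                "Version": "2012-10-17",
                "Statement": [
                    {"Effect": "Allow", "Action": "s3:ListBucket",
                     "Resource": "arn:aws:s3:::example-bucket"},
                    {"Effect": "Allow", "Action": ["iam:*"], "Resource": "*"}]}))},
        ]
    },
}

if __name__ == "__main__":
    print(json.dumps(evaluate_configuration_item(SAMPLE_ITEM), indent=2))
```

Deploying this as a Config rule means registering the Lambda with Config as a custom rule scoped to AWS::IAM::Policy; a managed rule such as the built-in administrator-access check may suffice if the requirement is only to flag overly broad policies, but a custom rule lets the team encode its own definition of an "unauthorized" change.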