What is the MOST operationally efficient solution that meets these requirements?
Create an AWS Lambda function that creates a new CloudTrail trail in all AWS accounts in the organization. Invoke the Lambda function daily by using a scheduled action in Amazon EventBridge (Amazon CloudWatch Events).
Create a new CloudTrail trail in the organization’s management account. Configure the trail to log all events for all AWS accounts in the organization.
Create a new CloudTrail trail in all AWS accounts in the organization. Create new trails whenever a new account is created. Define an SCP that prevents deletion or modification of trails. Apply the SCP to the root OU.
Create an AWS Systems Manager Automation runbook that creates a CloudTrail trail in all AWS accounts in the organization. Invoke the automation by using Systems Manager State Manager.
Explanations:
While an AWS Lambda function could automate the creation of CloudTrail trails, invoking it daily through EventBridge adds unnecessary moving parts: a cross-account role in every member account, code to handle accounts that already have a trail, and a window of up to a day in which a newly created account has no logging. Maintaining one trail per account this way is far less operationally efficient than a single organization trail that covers every account.
Creating a single CloudTrail trail in the management account and configuring it as an organization trail (the `--is-organization-trail` option in the CLI, or IsOrganizationTrail in CloudFormation) is the most operationally efficient solution. One trail logs events from the management account and from every member account, accounts added to the organization later are covered automatically, and member accounts can see the trail but cannot modify or delete it. This provides centralized, tamper-resistant logging without creating or maintaining individual trails in each account.
This option involves creating and maintaining a separate trail in every account, plus a process to add one whenever an account is created, which adds complexity and management overhead. Defining an SCP to prevent deletion or modification of trails adds further complexity, and it is unnecessary when an organization trail already prevents member accounts from changing it. This is not the most efficient method.
Using a Systems Manager Automation runbook driven by State Manager to create CloudTrail trails in all accounts is more complex than necessary. It could work, but it requires a multi-account Automation setup and an execution role in each account, and still leaves one trail per account to manage, compared with a single centralized trail for the entire organization.