What is the SIMPLEST way to meet these requirements?
Enable AWS Trusted Advisor security checks in the AWS Console, and report all security incidents for all regions.
Enable AWS CloudTrail by creating individual trails for each region, and specify a single Amazon S3 bucket to receive log files for later analysis.
Enable AWS CloudTrail by creating a new trail and applying the trail to all regions. Specify a single Amazon S3 bucket as the storage location.
Enable Amazon CloudWatch logging for all AWS services across all regions, and aggregate them to a single Amazon S3 bucket for later analysis.
Explanations:
AWS Trusted Advisor focuses on best practices and optimization, not specifically on tracking API call activity for security violations. It does not meet the requirement for centralizing and retaining API activity logs across multiple regions.
Creating individual trails for each region increases complexity, as multiple trails need to be managed, and does not simplify the process of centralizing logs across all regions.
Enabling a single AWS CloudTrail trail across all regions and specifying a single S3 bucket for log storage meets the requirement of centralizing and retaining API call logs for security analysis in all regions.
Amazon CloudWatch is intended for monitoring and metrics, not specifically for logging AWS API calls. Additionally, aggregating logs into S3 via CloudWatch is a less simple solution for this use case than CloudTrail.