What should the solutions architect do to accomplish this?

A company is reviewing its AWS Cloud deployment to ensure its data is not accessed by anyone without appropriate authorization.A solutions architect is tasked with identifying all open Amazon S3 buckets and recording any S3 bucket configuration changes.

What should the solutions architect do to accomplish this?

Enable AWS Config service with the appropriate rules

Enable AWS Trusted Advisor with the appropriate checks.

Write a script using an AWS SDK to generate a bucket report

Enable Amazon S3 server access logging and configure Amazon CloudWatch Events.

Explanations:

Enabling AWS Config allows you to monitor and record configuration changes to AWS resources, including S3 buckets. It can evaluate whether S3 buckets are publicly accessible and keep a history of configuration changes, which helps ensure that only authorized access is allowed.

AWS Trusted Advisor can provide checks for S3 buckets, including identifying open buckets, but it does not record configuration changes. It is more focused on best practices and cost optimization rather than detailed configuration monitoring.

Writing a script using an AWS SDK could identify open S3 buckets, but it would not provide ongoing monitoring or record configuration changes over time. This approach lacks the automation and consistency of AWS Config.

Enabling Amazon S3 server access logging captures requests made to S3 buckets, but it does not specifically identify open buckets or track configuration changes. CloudWatch Events can be configured for certain actions, but this approach does not provide the comprehensive tracking needed for bucket configurations.

Free study guides, practices test, sample questions

What should the solutions architect do to accomplish this?

Explanations:

1 Comment

Leave a Reply Cancel reply