What should the SysOps administrator do to meet these requirements WITHOUT writing custom code?
Add the AWS account to AWS Organizations. Enable CloudTrail in the management account.
Create an AWS Config rule that is invoked when CloudTrail configuration changes. Apply the AWS-ConfigureCloudTrailLogging automatic remediation action.
Create an AWS Config rule that is invoked when CloudTrail configuration changes. Configure the rule to invoke an AWS Lambda function to enable CloudTrail.
Create an Amazon EventBridge (Amazon CloudWatch Events) hourly rule with a schedule pattern to run an AWS Systems Manager Automation document to enable CloudTrail.
Explanations:
Adding the account to AWS Organizations and enabling CloudTrail in the management account changes where trails are administered, but it does not detect that logging has been stopped in the account in question, nor does it automatically turn logging back on, so it does not address the re-enablement requirement.
Creating an AWS Config rule that evaluates whether CloudTrail logging is enabled, with the AWS-ConfigureCloudTrailLogging Systems Manager Automation document attached as an automatic remediation action, re-enables logging whenever the rule finds the trail non-compliant. Both the rule and the Automation document are AWS-managed, so the requirement is met without writing any custom code.
An AWS Config rule can detect the change, but remediating it with an AWS Lambda function means writing and maintaining the function code, which violates the no-custom-code requirement. This option therefore does not fulfil the requirements.
An hourly EventBridge schedule runs the Automation document on a fixed interval rather than in response to CloudTrail being disabled, so logging can remain off for up to an hour, and the document also runs when nothing is wrong. Remediation is tied to a timer instead of to the compliance state of the trail, so this option does not provide prompt remediation.
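As an added illustration of the AWS Config rule with automatic remediation, the CloudFormation template below wires the AWS-managed rule CLOUD_TRAIL_ENABLED to the AWS-ConfigureCloudTrailLogging Automation document. This is example infrastructure code written for this page, not code from the question or from AWS. It assumes an existing trail whose name is passed in the TrailName parameter, and the IAM role and its permissions are an assumption chosen to be the minimum the document needs to start logging on that trail.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: >
  Example (not part of the original question): AWS Config managed rule that
  checks CloudTrail is logging, with the AWS-ConfigureCloudTrailLogging
  Automation document attached as an automatic remediation.

Parameters:
  TrailName:
    Type: String
    Description: Name of the existing CloudTrail trail to keep logging (assumed input).

Resources:
  # Role assumed by the Automation document. The policy is an assumption:
  # it grants only what is needed to start logging on the named trail.
  RemediationRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Principal:
              Service: ssm.amazonaws.com
            Action: sts:AssumeRole
      Policies:
        - PolicyName: ReEnableCloudTrailLogging
          PolicyDocument:
            Version: "2012-10-17"
            Statement:
              - Effect: Allow
                Action:
                  - cloudtrail:StartLogging
                  - cloudtrail:GetTrailStatus
                Resource: !Sub "arn:${AWS::Partition}:cloudtrail:${AWS::Region}:${AWS::AccountId}:trail/${TrailName}"

  # AWS-managed rule: NON_COMPLIANT when no trail in the account is logging.
  # Caveat: CLOUD_TRAIL_ENABLED is a periodic rule, so detection happens at
  # the evaluation frequency (one hour minimum), not the instant logging stops.
  CloudTrailEnabledRule:
    Type: AWS::Config::ConfigRule
    Properties:
      ConfigRuleName: cloudtrail-enabled
      Source:
        Owner: AWS
        SourceIdentifier: CLOUD_TRAIL_ENABLED
      MaximumExecutionFrequency: One_Hour

  # Automatic remediation: run the AWS-owned Automation document with
  # LoggingState=Enabled each time the rule reports NON_COMPLIANT.
  # MaximumAutomaticAttempts and RetryAttemptSeconds are required when
  # Automatic is true; they bound how often Config retries a failed run.
  CloudTrailRemediation:
    Type: AWS::Config::RemediationConfiguration
    Properties:
      ConfigRuleName: !Ref CloudTrailEnabledRule
      TargetType: SSM_DOCUMENT
      TargetId: AWS-ConfigureCloudTrailLogging
      Automatic: true
      MaximumAutomaticAttempts: 3
      RetryAttemptSeconds: 60
      Parameters:
        AutomationAssumeRole:
          StaticValue:
            Values:
              - !GetAtt RemediationRole.Arn
        TrailName:
          StaticValue:
            Values:
              - !Ref TrailName
        LoggingState:
          StaticValue:
            Values:
              - Enabled
```

The template assumes the AWS Config configuration recorder is already running in the account and region. Deploy it with `aws cloudformation deploy --template-file template.yaml --stack-name cloudtrail-remediation --capabilities CAPABILITY_IAM --parameter-overrides TrailName=<trail>`, then stop logging on the trail and watch `aws configservice describe-remediation-execution-status --config-rule-name cloudtrail-enabled` to confirm the document is invoked and logging returns. Because the rule is periodic, the time to detection is bounded by MaximumExecutionFrequency rather than being instantaneous.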