Which actions can a solutions architect take to meet these requirements?
Use S3 server access logging on the bucket that houses the reports with the read and write data events and log file validation options enabled.
Use S3 server access logging on the bucket that houses the reports with the read and write management events and log file validation options enabled.
Use AWS CloudTrail to create a new trail. Configure the trail to log read and write data events on the S3 bucket that houses the reports. Log these events to a new bucket, and enable log file validation.
Use AWS CloudTrail to create a new trail. Configure the trail to log read and write management events on the S3 bucket that houses the reports. Log these events to a new bucket, and enable log file validation.
Explanations:
S3 server access logging captures requests for the bucket but does not support logging data events or provide log file validation, making it unsuitable for this use case.
S3 server access logging does not support logging management events, nor does it provide log file validation, which is required by the vice president’s mandate.
AWS CloudTrail data events capture detailed read/write actions on objects in the bucket, and log file validation ensures that any tampering with logs can be detected.
Management events in AWS CloudTrail log high-level account activities but not the detailed object-level access that data events provide, which is required for compliance.
If memory serves me right, the answer is:
Use AWS CloudTrail to create a new trail. Configure the trail to log read and write data events on the S3 bucket that houses the reports. Log these events to a new bucket, and enable log file validation.