Which approach will generate automated security alerts should too many unauthorized AWS API requests be identified?
Create an Amazon CloudWatch metric filter that looks for API call error codes and then implement an alarm based on that metric’s rate.
Configure AWS CloudTrail to stream event data to Amazon Kinesis. Configure an AWS Lambda function on the stream to alarm when the threshold has been exceeded.
Run an Amazon Athena SQL query against CloudTrail log files. Use Amazon QuickSight to create an operational dashboard.
Use the Amazon Personal Health Dashboard to monitor the account’s use of AWS services, and raise an alert if service error rates increase.
Explanations:
A CloudWatch metric filter can capture API call error codes (e.g., access denied, unauthorized) and set an alarm based on the rate of those errors. This helps detect unauthorized API requests by triggering alerts when the threshold is breached.
While CloudTrail streaming to Kinesis and using Lambda for processing can detect unauthorized access, it requires more complex setup than necessary for just alerting on error rates, making it less optimal than using CloudWatch metric filters.
Running Athena queries and creating dashboards with QuickSight is useful for analysis and reporting, but it is not ideal for generating automated alerts in real-time when unauthorized API requests occur.
The Amazon Personal Health Dashboard provides alerts on AWS service health, not specifically unauthorized API requests. It is not designed for monitoring security events like unauthorized API calls.
I scheme that the answer is:
Create an Amazon CloudWatch metric filter that looks for API call error codes and then implement an alarm based on that metric’s rate.