Which combination of steps will meet these requirements?
(Choose three.)
Enable AWS Config with a multi-account aggregator. Configure log forwarding to Amazon CloudWatch Logs.
Create an Amazon QuickSight dashboard that uses an Amazon CloudWatch Logs query.
Create an Amazon CloudWatch Logs metric filter to match root user login events. Configure a CloudWatch alarm and an Amazon Simple Notification Service (Amazon SNS) topic to send alerts to the company’s monitoring system.
Create an Amazon CloudWatch Logs subscription filter to match root user login events. Configure the filter to forward events to an Amazon Simple Notification Service (Amazon SNS) topic. Configure the SNS topic to send alerts to the company’s monitoring system.
Create an AWS CloudTrail organization trail. Configure the organization trail to send events to Amazon CloudWatch Logs.
Create an Amazon CloudWatch dashboard that uses a CloudWatch Logs Insights query.
Explanations:
AWS Config is used for resource compliance and auditing rather than direct monitoring of root user activity. It does not provide alerts for login events directly and is not primarily designed for generating dashboards for log activity.
Amazon QuickSight is a business analytics service that allows users to create visualizations, but it cannot directly query CloudWatch Logs without first ingesting that data into a suitable format. It does not address the alerting requirement for root user logins.
Creating a CloudWatch Logs metric filter to match root user login events allows for the detection of these specific events. Configuring a CloudWatch alarm linked to an SNS topic enables alerts to be sent to the monitoring system when a root user logs in, meeting the requirement for both alerts and monitoring.
An Amazon CloudWatch Logs subscription filter forwards logs in real-time but does not inherently create alerts. While it could potentially send alerts through SNS, it does not directly tie into the alerting mechanism for root user logins like a metric filter would.
Creating an AWS CloudTrail organization trail captures all API activity across accounts in the organization, including root user logins. Sending these events to CloudWatch Logs allows for monitoring and log analysis, fulfilling the requirements for log activity tracking.
An Amazon CloudWatch dashboard can utilize CloudWatch Logs Insights queries to visualize log data. This allows for creating dashboards that display log activity generated by root users, thus meeting the dashboard requirement.