Which solution will meet these requirements?

By:
On:
In: SCS-C01
Tagged:
With: 0 Comments
A security team is working on a solution that will use Amazon EventBridge (Amazon CloudWatch Events) to monitor new Amazon S3 objects.The solution will monitor for public access and for changes to any S3 bucket policy or setting that result in public access.The security team configures EventBridge to watch for specific API calls that are logged from AWS CloudTrail.EventBridge has an action to send an email notification through Amazon Simple Notification Service (Amazon SNS) to the security team immediately with details of the API call.Specifically, the security team wants EventBridge to watch for the s3:PutObjectAcl, s3:DeleteBucketPolicy, and s3:PutBucketPolicy API invocation logs from CloudTrail.While developing the solution in a single account, the security team discovers that the s3:PutObjectAcl API call does not invoke an EventBridge event.However, the s3:DeleteBucketPolicy API call and the s3:PutBucketPolicy API call do invoke an event.The security team has enabled CloudTrail for AWS management events with a basic configuration in the AWS Region in which EventBridge is being tested.Verification of the EventBridge event pattern indicates that the pattern is set up correctly.The security team must implement a solution so that the s3:PutObjectAcl API call will invoke an EventBridge event.The solution must not generate false notifications.

Which solution will meet these requirements?

Modify the EventBridge event pattern by selecting Amazon S3. Select All Events as the event type.

Modify the EventBridge event pattern by selecting Amazon S3. Select Bucket Level Operations as the event type.

Enable CloudTrail Insights to identify unusual API activity.

Enable CloudTrail to monitor data events for read and write operations to S3 buckets.

Explanations:

Modifying the EventBridge event pattern to select “All Events” will capture a broader range of events, but it will not specifically enable the capture ofs3:PutObjectAclAPI calls if CloudTrail is not configured to log data events for S3.

Selecting “Bucket Level Operations” in EventBridge will not capture thes3:PutObjectAclAPI call, as this API call pertains to object-level permissions and not bucket-level operations.

Enabling CloudTrail Insights helps in identifying unusual API activity but does not directly address the requirement for capturing specific API calls likes3:PutObjectAclin EventBridge events.

Enabling CloudTrail to monitor data events for S3 will allow the logging of object-level API calls, includings3:PutObjectAcl, ensuring that the EventBridge can trigger events based on these API calls.

Leave a Reply

Your email address will not be published. Required fields are marked *

5 × four =