Which solution will meet these requirements?
Create an AWS Lambda function to delete the IAM access key. Configure AWS CloudTrail logs to stream to Amazon CloudWatch Logs. Create a CloudWatch Logs metric filter for the AWS_RISK_CREDENTIALS_EXPOSED event with two actions. First, run the Lambda function. Second, use Amazon Simple Notification Service (Amazon SNS) to send a notification to the security team.
Create an AWS Lambda function to delete the IAM access key. Create an AWS Config rule for changes to “aws.trustedadvisor” and the “Exposed Access Keys” status with two actions. First, run the Lambda function. Second, use Amazon Simple Notification Service (Amazon SNS) to send a notification to the security team.
Create an AWS Lambda function that deletes the IAM access key and then uses Amazon Simple Notification Service (Amazon SNS) to notify the security team. Create an AWS Personal Health Dashboard rule for the AWS_RISK_CREDENTIALS_EXPOSED event. Set the target of the Personal Health Dashboard rule to the ARN of the Lambda function.
Create an AWS Lambda function that deletes the IAM access key. Create an Amazon EventBridge (Amazon CloudWatch Events) rule with an “aws.trustedadvisor” event source and the “Exposed Access Keys” status. Set the EventBridge (CloudWatch Events) rule to target the Lambda function and an Amazon Simple Notification Service (Amazon SNS) topic that notifies the security team.
Explanations:
AWS Trusted Advisor does not directly stream events to CloudWatch Logs. CloudTrail logs capture API calls, but AWS_RISK_CREDENTIALS_EXPOSED is not an event logged in CloudTrail by default. This approach does not fully meet the requirement of triggering an automated response based on Trusted Advisor events.
AWS Config cannot monitor Trusted Advisor checks or the “Exposed Access Keys” status directly. AWS Config is designed for resource configuration compliance, not Trusted Advisor events. This option misses the required event source.
The AWS Personal Health Dashboard is used to monitor AWS service health and does not include specific event notifications for Trusted Advisor checks. Trusted Advisor events are not integrated with the Personal Health Dashboard in this manner.
EventBridge (formerly CloudWatch Events) can be configured to capture events from AWS services, including Trusted Advisor. This option correctly sets up a rule for the “Exposed Access Keys” event from Trusted Advisor, targets a Lambda function to delete the key, and uses SNS to notify the security team, meeting the requirements.
I rank that the answer is:
Create an AWS Lambda function that deletes the IAM access key. Create an Amazon EventBridge (Amazon CloudWatch Events) rule with an “aws.trustedadvisor” event source and the “Exposed Access Keys” status. Set the EventBridge (CloudWatch Events) rule to target the Lambda function and an Amazon Simple Notification Service (Amazon SNS) topic that notifies the security team.