Question #830
A company wants to maintain an audit trail of all API requests made within its AWS environment to ensure compliance with security policies. Which AWS service provides this capability?
A. AWS Config
B. Amazon CloudWatch
C. AWS CloudTrail
D. AWS IAM
Explanation
AWS CloudTrail (Option C) is the correct answer because it specifically logs all API activity across AWS services, including who made the request, the time, and the actions taken. This audit trail is critical for compliance, security analysis, and troubleshooting.
Why other options are incorrect:
- AWS Config (A): Tracks resource configuration changes but does not log API calls.
- Amazon CloudWatch (B): Monitors metrics and logs for application performance; it does not audit API requests.
- AWS IAM (D): Manages access permissions but does not log API activity.
Key Points:
- CloudTrail logs are essential for auditing and compliance.
- CloudTrail records management events (e.g., creating/deleting resources) and data events (e.g., S3 object-level operations).
- Logs can be stored in S3 and analyzed with Athena or other tools.
Answer
The correct answer is: C