AWS Certified Solutions Architect - Associate / Question #1543 of 1019

Question #1543

A company needs to monitor and audit API activity across their AWS accounts for security compliance. They have AWS CloudTrail enabled and want to identify any unauthorized access attempts. Which approach requires the LEAST effort to achieve this?

A. Use AWS Lambda to process CloudTrail logs and trigger alerts for unauthorized access.

B. Use Amazon Redshift to load CloudTrail logs and run SQL queries to detect access patterns.

C. Query CloudTrail logs directly using Amazon Athena to find unauthorized access events.

D. Set up Amazon OpenSearch Service to index CloudTrail logs and visualize unauthorized attempts.

Explanation

Option C (Amazon Athena) requires the least effort because:
1. No Data Movement: CloudTrail logs are already stored in S3, and Athena can query them directly without needing to load data into a separate system (unlike Redshift or OpenSearch).
2. No Code/ETL: Athena uses standard SQL, eliminating the need for Lambda functions or custom code to process logs (as in Option A).
3. Serverless: Athena is serverless, so there is no infrastructure to manage.

Other options involve more steps:
- A: Requires writing Lambda code, setting up triggers, and integrating with alerting systems.
- B: Requires loading logs into Redshift via ETL pipelines and managing a data warehouse.
- D: Requires indexing logs in OpenSearch and configuring visualizations.

Key Points:
- CloudTrail logs are stored in S3 by default.
- Athena provides serverless SQL querying over S3 data.
- Minimizing effort means avoiding custom code, ETL, or infrastructure management.

Answer

The correct answer is: C