A security engineer needs to build a solution to turn AWS CloudTrail back on in multiple AWS Regions in case it is ever turned off.
What is the MOST efficient way to implement this solution?
A. Use AWS Config with a managed rule to initiate the AWS-EnableCloudTrail remediation.
B. Create an Amazon EventBridge event with a cloudtrail.amazonaws.com event source and a StartLogging event name to invoke an AWS Lambda function to call the StartLogging API.
C. Create an Amazon CloudWatch alarm with a cloudtrail.amazonaws.com event source and a StopLogging event name to invoke an AWS Lambda function to call the StartLogging API.
D. Monitor AWS Trusted Advisor to ensure CloudTrail logging is enabled.
The most efficient approach is to use AWS Config because Config is designed for continuous compliance evaluation and can automatically trigger managed remediation when a resource drifts from the desired state. A managed Config rule that detects when CloudTrail is not logging, combined with the AWS-EnableCloudTrail remediation action, provides an automated way to re-enable CloudTrail without building and maintaining custom event processing code. This is especially valuable in multi-Region environments because Config can evaluate configurations across Regions and enforce the intended posture consistently.
Option B is illogical: triggering on StartLogging does not help when CloudTrail is turned off. Option C is not as operationally efficient because CloudWatch alarms are not the standard mechanism for reacting to CloudTrail API events; EventBridge is the proper event bus for API call events, but you would still be writing and maintaining Lambda logic and multi-Region plumbing. Option D is manual and delayed, not automated remediation.
Therefore, AWS Config with a managed rule and the AWS-provided remediation to enable CloudTrail is the most maintainable and efficient solution.
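As an added example (not part of the original question or its answer key), the sketch below builds the AWS Config requests that pair the managed rule `CLOUD_TRAIL_ENABLED` with automatic `AWS-EnableCloudTrail` remediation and applies them per Region with boto3. The rule name, Region list, role ARN, trail name and bucket name are constructed placeholders, and it assumes AWS Config is already recording in each Region.

```python
import json

RULE_NAME = "cloudtrail-enabled"        # rule name chosen for this example
REGIONS = ["us-east-1", "eu-west-1"]    # assumed Regions to cover


def rule_request():
    """PutConfigRule payload for the AWS managed rule CLOUD_TRAIL_ENABLED."""
    return {"ConfigRule": {
        "ConfigRuleName": RULE_NAME,
        "Source": {"Owner": "AWS", "SourceIdentifier": "CLOUD_TRAIL_ENABLED"},
        "MaximumExecutionFrequency": "One_Hour",  # periodic rule: re-check hourly
    }}


def remediation_request(role_arn, trail_name, bucket):
    """PutRemediationConfigurations payload targeting AWS-EnableCloudTrail."""
    def static(value):
        return {"StaticValue": {"Values": [value]}}
    return {"RemediationConfigurations": [{
        "ConfigRuleName": RULE_NAME,
        "TargetType": "SSM_DOCUMENT",
        "TargetId": "AWS-EnableCloudTrail",
        "Automatic": True,                 # remediate without a manual trigger
        "MaximumAutomaticAttempts": 3,
        "RetryAttemptSeconds": 60,
        "Parameters": {
            "AutomationAssumeRole": static(role_arn),
            "TrailName": static(trail_name),
            "S3BucketName": static(bucket),
        },
    }]}


def plan(regions, role_arn, trail_name, bucket):
    """Return {region: (rule payload, remediation payload)} for review."""
    return {r: (rule_request(), remediation_request(role_arn, trail_name, bucket))
            for r in regions}


def apply(plan_by_region):
    """Create the rule and its remediation in every planned Region."""
    import boto3  # imported here so the plan can be built and inspected offline
    for region, (rule, remediation) in plan_by_region.items():
        cfg = boto3.client("config", region_name=region)
        cfg.put_config_rule(**rule)
        cfg.put_remediation_configurations(**remediation)


if __name__ == "__main__":
    # Constructed placeholder values; call apply() on the result to deploy.
    print(json.dumps(plan(REGIONS,
                          "arn:aws:iam::111122223333:role/ExampleRemediationRole",
                          "example-trail", "example-trail-bucket"), indent=2))
```

The remediation role must be assumable by Systems Manager Automation and allowed to manage the trail; no Lambda function or EventBridge rule is involved.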