A company wants to analyze and troubleshoot Access Denied errors and Unauthorized errors that are related to IAM permissions. The company has AWS CloudTrail turned on.
Which solution will meet these requirements with the LEAST effort?
A.
Use AWS Glue and write custom scripts to query CloudTrail logs for the errors.
B.
Use AWS Batch and write custom scripts to query CloudTrail logs for the errors.
C.
Search CloudTrail logs with Amazon Athena queries to identify the errors.
D.
Search CloudTrail logs with Amazon QuickSight. Create a dashboard to identify the errors.
Athena allows you to run SQL queries on data in Amazon S3, including CloudTrail logs. It is the easiest way to query the logs and identify specific errors without needing to write any custom code or scripts.
With Athena, you can write simple SQL queries to filter the CloudTrail logs for the "AccessDenied" and "UnauthorizedOperation" error codes. This will return the relevant log entries that you can then analyze.
https://docs.aws.amazon.com/athena/latest/ug/cloudtrail-logs.html
When troubleshooting you will want to query specific things in the log and Athena provides query language for that.
Quick Sight is data analytics and visualisation tool. You can use it to aggregate data and maybe make a dashboard for number of errors by type etc but that doesn't help you troubleshoot anything.
C is correct
"Search CloudTrail logs with Amazon QuickSight", that doesn't work. QuickSight can visualize Athena query results, so "search CloudTrail logs with Amazon Athena, then create a dashboard with Amazon QuickSight" would make sense. But QuickSight without Athena won't work.
The question asks specifically to "analyze and troubleshoot". While Athena is easy to get the data, you then just have a list of logs. Not very useful to troubleshoot...
C for me. Using Athena with CloudTrail logs is a powerful way to enhance your analysis of AWS service activity. For example, you can use queries to identify trends and further isolate activity by attributes, such as source IP address or user.
https://docs.aws.amazon.com/athena/latest/ug/cloudtrail-logs.html#:~:text=CloudTrail%20Lake%20documentation.-,Using%20Athena,-with%20CloudTrail%20logs
IAM and CloudTrail https://docs.aws.amazon.com/IAM/latest/UserGuide/cloudtrail-integration.html#stscloudtrailexample-assumerole .
Query CloudTrail logs by Athena https://docs.aws.amazon.com/athena/latest/ug/cloudtrail-logs.html#tips-for-querying-cloudtrail-logs#tips-for-querying-cloudtrail-logs
Amazon Athena is an interactive query service provided by AWS that enables you to analyze data , is a little bit more suitable integrated with cloud trail that permit to verify WHO accessed the service.
Both C and D are feasible. I vote for D:
Amazon QuickSight supports logging the following actions as events in CloudTrail log files:
- Whether the request was made with root or AWS Identity and Access Management user credentials
- Whether the request was made with temporary security credentials for an IAM role or federated user
- Whether the request was made by another AWS service
https://docs.aws.amazon.com/quicksight/latest/user/logging-using-cloudtrail.html
"Using Athena with CloudTrail logs is a powerful way to enhance your analysis of AWS service activity."
https://docs.aws.amazon.com/athena/latest/ug/cloudtrail-logs.html
It specifies analyze, not query logs.
Which is why option D is the best one as it provides dashboards to analyze the logs.
upvoted 3 times
...
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
Guru4Cloud
Highly Voted 10 months agoawsgeek75
Highly Voted 5 months, 1 week agopentium75
Most Recent 5 months, 3 weeks ago[Removed]
6 months, 2 weeks agobogobob
7 months, 1 week agopentium75
5 months, 3 weeks agoawsgeek75
5 months, 1 week agoNickGordon
7 months, 2 weeks agoTariqKipkemei
11 months, 1 week agojames2033
11 months, 1 week agojames2033
11 months, 1 week agolive_reply_developers
11 months, 2 weeks agomanuh
12 months agohaoAWS
12 months agoantropaws
1 year agoPCWu
1 year agoAxeashes
1 year agooras2023
1 year agooras2023
1 year agoalexandercamachop
1 year ago