Exam AWS Certified Solutions Architect - Associate SAA-C03 topic 1 question 524 discussion

https://docs.aws.amazon.com/athena/latest/ug/cloudtrail-logs.html When troubleshooting you will want to query specific things in the log and Athena provides query language for that. Quick Sight is data analytics and visualisation tool. You can use it to aggregate data and maybe make a dashboard for number of errors by type etc but that doesn't help you troubleshoot anything. C is correct

"Search CloudTrail logs with Amazon QuickSight", that doesn't work. QuickSight can visualize Athena query results, so "search CloudTrail logs with Amazon Athena, then create a dashboard with Amazon QuickSight" would make sense. But QuickSight without Athena won't work.

Athena is for searching

The question asks specifically to "analyze and troubleshoot". While Athena is easy to get the data, you then just have a list of logs. Not very useful to troubleshoot...

Quick Sight is an analytics tool. Sounds like a LEAST effort option

Athena allows you to run SQL queries on data in Amazon S3, including CloudTrail logs. It is the easiest way to query the logs and identify specific errors without needing to write any custom code or scripts. With Athena, you can write simple SQL queries to filter the CloudTrail logs for the "AccessDenied" and "UnauthorizedOperation" error codes. This will return the relevant log entries that you can then analyze.

C for me. Using Athena with CloudTrail logs is a powerful way to enhance your analysis of AWS service activity. For example, you can use queries to identify trends and further isolate activity by attributes, such as source IP address or user. https://docs.aws.amazon.com/athena/latest/ug/cloudtrail-logs.html#:~:text=CloudTrail%20Lake%20documentation.-,Using%20Athena,-with%20CloudTrail%20logs

IAM and CloudTrail https://docs.aws.amazon.com/IAM/latest/UserGuide/cloudtrail-integration.html#stscloudtrailexample-assumerole . Query CloudTrail logs by Athena https://docs.aws.amazon.com/athena/latest/ug/cloudtrail-logs.html#tips-for-querying-cloudtrail-logs#tips-for-querying-cloudtrail-logs

Amazon Athena is an interactive query service provided by AWS that enables you to analyze data , is a little bit more suitable integrated with cloud trail that permit to verify WHO accessed the service.

Dashboard isnt requires. Also refer to this https://repost.aws/knowledge-center/troubleshoot-iam-permission-errors

I am struggling for the C and D for a long time, and ask the chatGPT. The chatGPT says D is better, since Athena requires more expertise on SQL.

Both C and D are feasible. I vote for D: Amazon QuickSight supports logging the following actions as events in CloudTrail log files: - Whether the request was made with root or AWS Identity and Access Management user credentials - Whether the request was made with temporary security credentials for an IAM role or federated user - Whether the request was made by another AWS service https://docs.aws.amazon.com/quicksight/latest/user/logging-using-cloudtrail.html

The Answer will be C: Need to use Athena to query keywords and sort out the error logs. D: No need to use Amazon QuickSight to create the dashboard.

"Using Athena with CloudTrail logs is a powerful way to enhance your analysis of AWS service activity." https://docs.aws.amazon.com/athena/latest/ug/cloudtrail-logs.html

Analyse and TROUBLESHOOT, look like Athena

It specifies analyze, not query logs. Which is why option D is the best one as it provides dashboards to analyze the logs.