A company uses AWS CloudTrail to log all API calls. The security team wants to be alerted when an IAM user creates a new access key. What is the MOST efficient way to achieve this?
CloudWatch Events can react to specific CloudTrail events in real-time.
Why this answer
Option A is correct because CloudWatch Events can filter CloudTrail events and trigger a notification via SNS. Option B is wrong because it requires creating a custom metric. Option C is wrong because it is passive.
Option D is wrong because it requires custom analytics.