A security engineer is configuring an AWS environment to detect and respond to potential security threats. Which AWS service can be used to automate the remediation of unwanted access to Amazon S3 buckets by invoking AWS Lambda functions?
Trap 1: AWS Config
AWS Config evaluates resource configurations against desired policies but does not detect threats or automate remediation based on threat findings.
Trap 2: Amazon Inspector
Amazon Inspector is a vulnerability management service that scans for software vulnerabilities and unintended network exposure, not for detecting access anomalies.
Trap 3: AWS WAF
AWS WAF protects web applications from common web exploits, not S3 bucket access.
- A: AWS Config
  Why wrong: AWS Config evaluates resource configurations against desired policies but does not detect threats or automate remediation based on threat findings.
- B: Amazon GuardDuty
  GuardDuty uses threat intelligence and machine learning to detect threats, and findings can trigger automated remediation via EventBridge and Lambda.
- C: Amazon Inspector
  Why wrong: Amazon Inspector is a vulnerability management service that scans for software vulnerabilities and unintended network exposure, not for detecting access anomalies.
- D: AWS WAF
  Why wrong: AWS WAF protects web applications from common web exploits, not S3 bucket access.