A company uses AWS CloudTrail to log API calls across all regions. The SysOps administrator notices that logs for a specific region are missing from the centralized S3 bucket. What is the most likely cause?
- A. The CloudTrail trail is not enabled for that region.
  Correct. CloudTrail must be explicitly enabled for each region, or a multi-region trail must be used. Missing logs for a specific region strongly suggests the trail is not applied there.
- B. The S3 bucket policy denies write access from CloudTrail for that region.
  Why wrong: A bucket policy denying CloudTrail writes would affect all regions, not a single region.
- C. CloudTrail log file validation is disabled.
  Why wrong: Log file validation is a security feature that ensures log integrity; it does not cause missing logs.
- D. The IAM role for CloudTrail does not have permissions to write logs from that region.
  Why wrong: IAM roles for CloudTrail are not region-specific; permission issues would affect all regions.