A security engineer needs to ensure that all API calls made to AWS resources are logged for auditing. Which AWS service should be enabled to capture management and data events?
Trap 1: Amazon CloudWatch Logs
CloudWatch Logs is for log storage and monitoring, but not for capturing API calls.
Trap 2: AWS Config
AWS Config is for resource configuration tracking, not API call logging.
Trap 3: AWS GuardDuty
GuardDuty is a threat detection service, not a logging service.
- A. Amazon CloudWatch Logs
  Why wrong: CloudWatch Logs is for log storage and monitoring, but not for capturing API calls.
- B. AWS Config
  Why wrong: AWS Config is for resource configuration tracking, not API call logging.
- C. AWS GuardDuty
  Why wrong: GuardDuty is a threat detection service, not a logging service.
- D. AWS CloudTrail
  CloudTrail records API calls and is the correct service for auditing.