November 18, 2021 by Admin
A company’s auditor implemented a compliance requirement that all Amazon S3 buckets must have logging enabled. A SysOps administrator is tasked with ensuring that this compliance requirement is met, while still permitting developers to create and use new S3 buckets.
Which action should be taken to accomplish this?
- Add AWS CloudTrail logging for the S3 buckets.
- Implement IAM policies to allow only the storage team to create S3 buckets.
- Add the S3_BUCKET_LOGGING_ENABLED AWS Config managed rule.
- Create an AWS Lambda function to delete the S3 buckets if logging is not turned on.