AWS Certified Solutions Architect – Professional — Question 224

A company experienced a breach of highly confidential personal information due to permission issues on an Amazon S3 bucket. The Information Security team has tightened the bucket policy to restrict access. Additionally, to be better prepared for future attacks, these requirements must be met:
✑ Identify remote IP addresses that are accessing the bucket objects.
✑ Receive alerts when the security policy on the bucket is changed.
✑ Remediate the policy changes automatically.
Which strategies should the Solutions Architect use?

Answer options

• A. Use Amazon CloudWatch Logs with CloudWatch filters to identify remote IP addresses. Use CloudWatch Events rules with AWS Lambda to automatically remediate S3 bucket policy changes. Use Amazon SES with CloudWatch Events rules for alerts.
• B. Use Amazon Athena with S3 access logs to identify remote IP addresses. Use AWS Config rules with AWS Systems Manager Automation to automatically remediate S3 bucket policy changes. Use Amazon SNS with AWS Config rules for alerts.
• C. Use S3 access logs with Amazon Elasticsearch Service and Kibana to identify remote IP addresses. Use an Amazon Inspector assessment template to automatically remediate S3 bucket policy changes. Use Amazon SNS for alerts.
• D. Use Amazon Macie with an S3 bucket to identify access patterns and remote IP addresses. Use AWS Lambda with Macie to automatically remediate S3 bucket policy changes. Use Macie automatic alerting capabilities for alerts.

Correct answer: B

Explanation

The correct answer is B because Amazon Athena can analyze S3 access logs to identify remote IP addresses effectively. AWS Config rules combined with AWS Systems Manager Automation allow for the automatic remediation of policy changes, ensuring compliance. The other options either do not provide the necessary capabilities for remediation or do not effectively identify remote IP addresses.