You have a high security requirement for your AWS accounts. What is the most rapid and sophisticated setup you can use to react to AWS API calls to your account?
A. Subscription to AWS Config via an SNS Topic. Use a Lambda Function to perform in-flight analysis and reactivity to changes as they occur.
B. Global AWS CloudTrail setup delivering to S3 with an SNS subscription to the delivery notifications, pushing into a Lambda, which inserts records into an ELK stack for analysis.
C. Use a CloudWatch Rule ScheduleExpression to periodically analyze IAM credential logs. Push the deltas for events into an ELK stack and perform ad-hoc analysis there.
D. CloudWatch Events Rules which trigger based on all AWS API calls, submitting all events to an AWS Kinesis Stream for arbitrary downstream analysis.
Explanation/Reference:
CloudWatch Events allow subscription to AWS API calls, and direction of these events into Kinesis Streams. This allows a unified, near real-time stream for all API calls, which can be analyzed with any tool(s) of your choosing downstream.
http://docs.aws.amazon.com/AmazonCloudWatch/latest/DeveloperGuide/EventTypes.html#api_event_type