Learn the best solution for storing AWS account activity from multiple accounts in a central location and querying it using SQL. Prepare for the AWS Certified Solutions Architect – Professional SAP-C02 exam.
Question
A company has multiple AWS accounts that are in an organization in AWS Organizations. The company needs to store AWS account activity and query the data from a central location by using SQL.
Which solution will meet these requirements?
A. Create an AWS CloudTrail trail in each account. Specify CloudTrail management events for the trail. Configure CloudTrail to send the events to Amazon CloudWatch Logs. Configure CloudWatch cross-account observability. Query the data in CloudWatch Logs Insights.
B. Use a delegated administrator account to create an AWS CloudTrail Lake data store. Specify CloudTrail management events for the data store. Enable the data store for all accounts in the organization. Query the data in CloudTrail Lake.
C. Use a delegated administrator account to create an AWS CloudTrail trail. Specify CloudTrail management events for the trail. Enable the trail for all accounts in the organization. Keep all other settings as default. Query the CloudTrail data from the CloudTrail event history page.
D. Use AWS CloudFormation StackSets to deploy AWS CloudTrail Lake data stores in each account. Specify CloudTrail management events for the data stores. Keep all other settings as default. Query the data in CloudTrail Lake.
Answer
B. Use a delegated administrator account to create an AWS CloudTrail Lake data store. Specify CloudTrail management events for the data store. Enable the data store for all accounts in the organization. Query the data in CloudTrail Lake.
Explanation
AWS CloudTrail Lake is a managed data lake that lets you aggregate, immutably store, and query events recorded by CloudTrail from multiple AWS accounts and Regions. It provides a SQL-based interface to query the data.
To set it up for an AWS organization:
- Designate a delegated administrator account for CloudTrail in the management account.
- In the delegated admin account, create a CloudTrail Lake event data store.
- Configure the data store to collect management events.
- Enable the data store for all accounts in the organization. This will aggregate CloudTrail events from all accounts into the central data store.
- You can then use the CloudTrail Lake SQL query interface to analyze the aggregated account activity data.
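The steps above, worked through as an added example that is not part of the original question or of any AWS documentation. It uses the boto3 `cloudtrail` client, so only the live calls under `__main__` need network access and AWS credentials; the helper names (`org_data_store_params`, `failed_calls_query`, `flatten_rows`, `run_query`), the data store name, the placeholder delegated-admin account ID and the sample result rows are my own constructions. The query itself is an example of the kind of question a central audit store answers: which accounts and actions are producing failed API calls, a common first look during an investigation.

```python
"""Central CloudTrail Lake for an organization: create the data store from the
delegated administrator account, then query it with SQL (added example)."""
import re
import time
from datetime import datetime

# Event data store IDs are UUID-style; the ID is interpolated into SQL as the
# table name, so accept only these characters.
EDS_ID_RE = re.compile(r"^[0-9a-fA-F-]+$")


def org_data_store_params(name: str, retention_days: int = 2557) -> dict:
    """Parameters for CloudTrail's CreateEventDataStore as used in option B:
    management events only, every Region, every account in the organization.
    Run from the delegated administrator account; 2557 days is the service's
    default retention period (seven years)."""
    return {
        "Name": name,
        "AdvancedEventSelectors": [
            {
                "Name": "Management events only",
                "FieldSelectors": [
                    {"Field": "eventCategory", "Equals": ["Management"]}
                ],
            }
        ],
        "MultiRegionEnabled": True,
        "OrganizationEnabled": True,
        "RetentionPeriod": retention_days,
        # Protects the central audit store against an accidental or hostile delete.
        "TerminationProtectionEnabled": True,
    }


def failed_calls_query(eds_id: str, since: str, limit: int = 50) -> str:
    """CloudTrail Lake SQL: failed API calls per account and action since a point
    in time. The store ID and timestamp are validated before interpolation."""
    if not EDS_ID_RE.fullmatch(eds_id):
        raise ValueError(f"unexpected event data store ID: {eds_id!r}")
    datetime.strptime(since, "%Y-%m-%d %H:%M:%S")  # raises ValueError on bad input
    if not isinstance(limit, int) or limit < 1:
        raise ValueError("limit must be a positive integer")
    return (
        "SELECT recipientAccountId, eventSource, eventName, errorCode, "
        "COUNT(*) AS calls "
        f"FROM {eds_id} "
        f"WHERE eventTime > '{since}' AND errorCode IS NOT NULL "
        "GROUP BY recipientAccountId, eventSource, eventName, errorCode "
        f"ORDER BY calls DESC LIMIT {limit}"
    )


def flatten_rows(query_result_rows: list) -> list:
    """GetQueryResults returns each row as a list of one-key dicts, e.g.
    [{"recipientAccountId": "111..."}, {"calls": "7"}]; merge each into one dict."""
    return [
        {key: value for cell in row for key, value in cell.items()}
        for row in query_result_rows
    ]


def run_query(client, eds_id: str, statement: str, poll_seconds: float = 2.0) -> list:
    """Start a CloudTrail Lake query, wait for it to finish and return every
    row, following NextToken. `client` is a boto3 'cloudtrail' client."""
    query_id = client.start_query(QueryStatement=statement)["QueryId"]
    while True:
        status = client.describe_query(QueryId=query_id)["QueryStatus"]
        if status in ("FINISHED", "FAILED", "CANCELLED", "TIMED_OUT"):
            break
        time.sleep(poll_seconds)
    if status != "FINISHED":
        raise RuntimeError(f"query {query_id} ended with status {status}")
    rows, token = [], None
    while True:
        kwargs = {"EventDataStore": eds_id, "QueryId": query_id}
        if token:
            kwargs["NextToken"] = token
        page = client.get_query_results(**kwargs)
        rows.extend(flatten_rows(page.get("QueryResultRows", [])))
        token = page.get("NextToken")
        if not token:
            return rows


if __name__ == "__main__":
    import boto3  # needed only for the live calls below

    ct = boto3.client("cloudtrail")
    # Step 1, from the management account: delegate CloudTrail administration.
    #   ct.register_organization_delegated_admin(MemberAccountId="<delegated-admin-account-id>")
    # Steps 2 to 4, from the delegated admin account: create the organization-wide store.
    store = ct.create_event_data_store(**org_data_store_params("org-management-events"))
    eds_id = store["EventDataStoreArn"].rsplit("/", 1)[-1]  # ARN ends in .../eventdatastore/<id>
    # Step 5: query the aggregated activity of every account with SQL.
    for row in run_query(ct, eds_id, failed_calls_query(eds_id, "2024-01-01 00:00:00")):
        print(row)
```

Ingestion into a new data store takes a while to catch up, so an empty result right after creation is expected; the query builder refuses anything that is not a plain store ID or a well-formed timestamp because those values become part of the SQL text.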
The other options are incorrect:
- Option A sends the events to CloudWatch Logs, which is not purpose-built for querying CloudTrail data: Logs Insights uses its own query language rather than SQL, and cross-account observability would have to be configured for every account.
- Option C creates an organization trail, but the event history page offers filtering of recent events, not SQL querying of the data.
- Option D deploys separate data stores in each account rather than aggregating data in one central location.
Therefore, using CloudTrail Lake with organization-wide aggregation, as described in option B, is the best solution to centrally store and query AWS account activity from multiple accounts using SQL.