A government agency is storing highly confidential files in an encrypted Amazon S3 bucket. The agency has configured federated access and has allowed only a particular on-premises Active Directory user group to access this bucket. The agency wants to maintain audit records and automatically detect and revert any accidental changes administrators make to the IAM policies used for providing this restricted federated access. Which of the following options provides the FASTEST way to meet these requirements?
A) Configure an Amazon CloudWatch Events Event Bus on an AWS CloudTrail API for triggering the AWS Lambda function that detects and reverts the change.
B) Configure an AWS Config rule to detect the configuration change and execute an AWS Lambda function to revert the change.
C) Schedule an AWS Lambda function that will scan the IAM policy attached to the federated access role for detecting and reverting any changes.
D) Restrict administrators in the on-premises Active Directory from changing the IAM policies.
Correct Answer:
Verified