Exam AWS Certified Solutions Architect - Professional topic 1 question 579 discussion

B. 1)To id remote IPs, need to look at S3 access logs. Athena helps in analyzing those logs. https://docs.aws.amazon.com/AmazonS3/latest/dev/using-s3-access-logs-to-identify-requests.html 2) For auto-remediation, use AWS Config with Systems Manager. https://aws.amazon.com/blogs/mt/aws-config-auto-remediation-s3-compliance/ 4) For alerting, use SNS with AWS Config. https://docs.aws.amazon.com/config/latest/developerguide/notifications-for-AWS-Config.html

B. 1)To id remote IPs, need to look at S3 access logs. Athena helps in analyzing those logs. https://docs.aws.amazon.com/AmazonS3/latest/dev/using-s3-access-logs-to-identify-requests.html 2) For auto-remediation, use AWS Config with Systems Manager. https://aws.amazon.com/blogs/mt/aws-config-auto-remediation-s3-compliance/ 4) For alerting, use SNS with AWS Config. https://docs.aws.amazon.com/config/latest/developerguide/notifications-for-AWS-Config.html Addicionally remember usually usage case of AWS SES is for bulk email and marketing or legacy apps for SMTP Credentials

D. Athena needs a lot of work and is not automatic. Macie is professional on Sensitive data discovery and protection. https://aws.amazon.com/blogs/security/how-to-create-custom-alerts-with-amazon-macie/

B - Need to retrive "remote IP addreses", alerts when the bucket changes and remediate the changes automatically --- Config rules --> detect change --> send sns alert + trigger config remediation. --> S3 acess logs search, Athena can probably do the job here. D - Macie is good but wont' meet the criteria to detect changes.

https://docs.aws.amazon.com/AmazonS3/latest/userguide/LogFormat.html Key word S3 server access Ispector is for EC2 and ECS

B. Use Amazon Athena with S3 access logs to identify remote IP addresses. Use AWS Config rules with AWS Systems Manager Automation to automatically remediate S3 bucket policy changes. Use Amazon SNS with AWS Config rules for alerts.

B: Athena + S3 access logs to identify IP address. SNS for notifications and SM to automate the requests.

One actually CAN get the IP ADDRESS using Amazon Macie: policyDetails.actor.ipAddressDetails.ipAddressV4 https://docs.aws.amazon.com/de_de/macie/latest/user/findings-filter-fields.html

I'll go with B For those choosing D, read the question again. Twice. ✑ Identify remote IP addresses that are accessing the bucket objects. ✑ Receive alerts when the security policy on the bucket is changed. ✑ Remediate the policy changes automatically. ^ this is called "Requirements" ^ Macie is about the DATA itself; question wants to prevent a series of events like public explicit buckets, notify and set they private again. Typical use case of AWS Config rules

D B can't monitor S3 policy change. versus Macie can "Macie generates policy findings when the policies or settings for an S3 bucket are changed in a way that reduces the security of the bucket and its objects. Macie does this only if the change occurs after you enable your Macie account."

Answer is D. AWS macie is built specifically for protecting of PII information

i go with B

going with B

I will go with B

Change my mind to B .. D can not do the last point in the question.

D: https://aws.amazon.com/blogs/security/how-to-create-custom-alerts-with-amazon-macie/

D is correct as its designed for just this scenario with S3