Question

An administrator would like to check if the Amazon CloudFront identity they created is making access API calls to an S3 bucket where a static website is hosted. Where can this information be obtained?

B. Check AWS CloudWatch logs on the S3 bucket.
A. Configuring Amazon Athena to run queries on the Amazon CloudFront distribution
C. In the webserver, tail for identity access logs from the Amazon CloudFront identity
D. In AWS CloudTrail Event history, look up access calls and filter for the Amazon CloudFront identity.

Answer 1

Administrators can check the AWS CloudTrail Event history for API call logs made by an Amazon CloudFront identity to an S3 bucket for a static website, and use filters to pinpoint specific activities.

Step-by-step explanation:

An administrator who needs to confirm whether an Amazon CloudFront identity is making access API calls to an Amazon S3 bucket for a static website can retrieve this information from the AWS CloudTrail Event history. AWS CloudTrail captures all API calls for AWS services, and any calls made by CloudFront to access resources in S3 will be logged here. To check for specific activities, you can filter the CloudTrail logs by specifying the Amazon CloudFront identity in the filter criteria.

This kind of monitoring is crucial for security and auditing purposes, allowing administrators to track who has accessed their resources and when. For further troubleshooting and understanding the interaction between CloudFront and S3, administrators should review the CloudFront documentation.