Q90 — AWS AIF-C01 Ch.3
Question 90 of 100 | ← Chapter 3
A company hosts several web applications on Amazon EC2 instances. These applications need to access foundation models (FMs) in Amazon Bedrock. For audit purposes, the company wants to automatically log all web application access to Amazon Bedrock. The mechanism must capture user, role, and timestamp for every API invocation and inference call. Which AWS service meets these requirements?
- A. Amazon CloudWatch
- B. Amazon Macie
- C. AWS Trusted Advisor
- D. AWS CloudTrail ✓
Correct Answer: D. AWS CloudTrail
Explanation
AWS CloudTrail is an AWS service that records detailed logs of all API calls made within an AWS account—including caller identity (user or role), timestamp, source IP, request parameters, and response elements. It natively supports logging of Amazon Bedrock API invocations and inference calls, making it the only service capable of fulfilling the company’s audit requirement for comprehensive, immutable, and granular access logging.