1. What is AWS CloudTrail?

   AWS CloudTrail is a service that records and logs AWS account activity and events. It provides a detailed history of actions taken by users, roles, or services within an AWS account, enabling security, compliance, and operational troubleshooting.

2. What are the benefits of CloudTrail?

   CloudTrail offers benefits such as enhanced security through auditing and monitoring, compliance reporting, operational troubleshooting, and the ability to track changes and actions within your AWS environment.

3. Who should use CloudTrail?

   CloudTrail should be used by individuals or organizations that need to audit activity, monitor security, or troubleshoot operational issues within their AWS environment.

4. Can you explain how to create a Trail in AWS CloudTrail?

   To create a Trail in AWS CloudTrail, you can use the AWS CloudTrail console, AWS CloudTrail API, or the AWS Command Line Interface (CLI). You specify the settings for the trail, including the S3 bucket where log files will be stored and any optional filters.

5. When would you use multiple Trails in CloudTrail?

   Multiple Trails in CloudTrail are used when you want to segregate and categorize log data for different purposes, such as separating logs for security auditing from those for operational troubleshooting or compliance reporting.

6. How can we enable logging for S3 buckets using CloudTrail?

   Logging for S3 buckets using CloudTrail can be enabled by configuring a CloudTrail Trail to log data events for the specific S3 buckets you want to monitor.

7. Is it possible to turn off logging for certain events with CloudTrail? If yes, then how?

   Yes, you can turn off logging for certain events with CloudTrail by creating a trail with a filter that excludes the events you don't want to log.

8. Can you give me some examples of real-world usage of CloudTrail?

   Real-world usage of CloudTrail includes tracking who made changes to resources, monitoring security-related events, troubleshooting operational issues, ensuring compliance with regulations, and conducting forensic analysis in case of incidents.

9. Can you explain what multi-region and global services are in context with CloudTrail?

   Multi-region services are those that operate in multiple AWS regions, and global services are those that operate across the entire AWS cloud. CloudTrail can capture events from both types of services, providing a comprehensive view of account activity.

10. Do all API calls made by an IAM user show up on CloudTrail logs? If not, which ones don’t?

    No, not all API calls made by an IAM user are logged in CloudTrail. By default, management events are logged, but data events (e.g., read or write actions on resources) are not logged. You can enable data event logging for specific services and resources as needed.

11. How do you get the list of all trails created in your AWS account?

    You can get the list of all trails created in your AWS account by using the AWS CloudTrail console, the AWS CloudTrail API, or the AWS Command Line Interface (CLI).

12. Can you give me more details about the data provided by CloudTrail event history?

    CloudTrail event history provides detailed information about each recorded event, including who acted, what services were involved, the specific actions taken, the parameters used, and the response received from AWS services.

13. If I am a new AWS customer or an existing AWS customer and don’t have CloudTrail set up, do I need to enable or set up anything to view my account activity?

    No, as a new or existing AWS customer, you don't need to enable anything to view your account activity. You can access the AWS CloudTrail console or AWS CLI and begin viewing up to the past 90 days of account activity without additional setup.

14. Does the CloudTrail Event History show all account activity within my account?

    The CloudTrail Event History shows a history of the recorded events within your AWS account, but it might not capture every single event. You can configure which events are logged, and there are limits to the number of events retained and searchable.

15. What search filters can I use to view my account activity?

    You can specify the time range and use various attributes such as event name, user name, resource name, event source, event ID, and resource type as filters to view specific subsets of your account activity.

16. Can I use the lookup-events CLI command even if I don’t have a trail configured?

    Yes, you can use the lookup-events command in the AWS CloudTrail console or AWS CLI to view the past 90 days of account activity even if you don't have a trail configured.

17. Is it possible to configure CloudWatch metrics for CloudTrail logs? If so, where can you find these metrics?

    Yes, you can configure CloudWatch metrics for CloudTrail logs. These metrics can be found in the CloudWatch console, and they allow you to monitor and set up alarms for specific events and patterns in your CloudTrail logs.

18. What happens to existing log files when you update a trail?

    When you update an existing trail, any new log files that are created after the update will be automatically included in the trail. However, existing log files will not be affected.

19. What additional CloudTrail features are available after creating a trail?

    After creating a CloudTrail trail, you can set up delivery of CloudTrail events to Amazon Simple Storage Service (S3), Amazon CloudWatch Logs, and Amazon CloudWatch Events. This enables features like archiving, analysis and responding to changes in your AWS resources.

20. Can I restrict user access from viewing the CloudTrail Event History?

    You can control user access to the CloudTrail Event History by managing their AWS Identity and Access Management (IAM) permissions. You can restrict or grant access to specific users or roles based on your security requirements.

21. Is there any cost associated with CloudTrail Event History being enabled on my account upon creation?

    There is no cost for viewing or searching account activity with CloudTrail Event History. However, data storage and data transfer costs associated with other AWS services (like S3) may apply.

22. Can you tell me if there’s any way to access or download my CloudTrail log files from Amazon S3?

    Yes, you can access and download your CloudTrail log files from Amazon S3. You can use the AWS Management Console or the AWS Command Line Interface (CLI) to retrieve log files stored in your designated S3 bucket.

23. Can I turn off CloudTrail Event History for my account?

    You can stop logging by stopping or deleting the CloudTrail trails that you have created. This action will also stop account activity delivery to the Amazon S3 bucket and CloudWatch Logs if configured. However, account activity for the past 90 days will still be accessible within the CloudTrail console and AWS CLI.

24. Can you explain what log file integrity validation is?

    Log file integrity validation is a feature that helps you determine whether a CloudTrail log file has been tampered with, deleted, or modified since it was delivered to the specified S3 bucket. It enhances the security and trustworthiness of your log files.

25. What steps should be taken to ensure that unauthorized users cannot modify or delete CloudTrail log files from Amazon S3?

    To prevent unauthorized modification or deletion of CloudTrail log files, you should set appropriate access controls and permissions on your S3 bucket, including AWS Identity and Access Management (IAM) policies that restrict access to trusted users and services.

26. Can you explain what trail tags are?

    Trail tags are key-value pairs that can be added to AWS CloudTrail trails. They help you organize and categorize your trails for better management, tracking, and reporting purposes.

27. What does continuous monitoring mean in the context of CloudTrail?

    Continuous monitoring in CloudTrail refers to the service's ability to constantly and automatically track changes and events in your AWS account. It immediately notifies you of any changes or activities, allowing you to promptly identify and respond to potential security threats or operational issues.

28. What is the difference between management events and data events in CloudTrail?

    Management events are actions related to managing your AWS account, such as creating or deleting resources. Data events, on the other hand, are actions performed on the resources themselves, like reading or writing data to a storage bucket.

29. What is the maximum size allowed for each CloudTrail log file?

    The maximum size allowed for each CloudTrail log file is 50 MB.

30. What is the default retention period for log files stored in the S3 bucket used by CloudTrail?

    The default retention period for log files stored in the S3 bucket used by CloudTrail is 90 days.

31. What services are supported by CloudTrail?

    CloudTrail records account activity and service events from most AWS services.

32. Are API calls made from the AWS Management Console recorded?

    Yes, API calls made from the AWS Management Console are recorded by CloudTrail as management events.

33. Where are my log files stored and processed before they are delivered to my S3 bucket?

    Log files are stored and processed within the AWS CloudTrail service before being delivered to the S3 bucket you specified in your trail configuration.

34. What does it mean to apply a trail to all AWS Regions?

    Applying a trail to all AWS Regions means creating a trail configuration that captures AWS account activity across all AWS Regions, including any newly added Regions.

35. What are the benefits of applying a trail to all Regions?

    Applying a trail to all Regions provides a unified and comprehensive view of AWS account activity across your entire AWS environment. It ensures you don't miss events from any AWS Region.

36. How do I apply a trail to all Regions?

    To apply a trail to all Regions, you can select the option to do so in the CloudTrail console during the trail configuration. If you're using the AWS SDKs or AWS CLI, you set the IsMultiRegionTrail parameter to true.

37. What happens when I apply a trail to all Regions?

    When you apply a trail to all Regions, it captures AWS account activity from all AWS Regions, ensuring you have a comprehensive record of events across your entire AWS environment.

38. Can I apply an existing trail to all Regions?

    Yes, you can modify an existing trail to apply to all Regions by updating the trail's configuration to enable the IsMultiRegionTrail parameter.

39. How long will it take for CloudTrail to replicate the trail configuration to all Regions?

    Typically, it takes less than 30 seconds for CloudTrail to replicate the trail configuration to all Regions.

40. How many trails can I create in a Region?

    You can create up to five trails in a Region. A trail that applies to all Regions is considered one trail in each Region.

41. What is the benefit of creating multiple trails in a Region?

    Creating multiple trails in a Region allows you to segregate and categorize log data for different purposes, such as security, compliance, or operational troubleshooting.

42. Does CloudTrail support resource-level permissions?

    Yes, CloudTrail supports resource-level permissions, allowing you to define granular access control policies to allow or deny access to specific users for a particular trail.

43. How can I secure my CloudTrail log files?

    You can secure your CloudTrail log files by setting up proper access controls and permissions on the S3 bucket where log files are stored, encrypting the log files, and ensuring that only authorized users have access.

44. Where can I download a sample S3 bucket policy and an SNS topic policy?

    You can download a sample S3 bucket policy and an SNS topic policy from the CloudTrail S3 bucket. Before applying these policies, you should update them with your specific information.

45. How long can I store my activity log files?

    You control the retention policies for your CloudTrail log files. By default, log files are stored indefinitely, but you can define your own retention policy using S3 Object lifecycle management rules.

46. What information is available at an event?

    An event contains detailed information about the associated activity, including who initiated the action, the services involved, the specific actions performed, action parameters, and the response from AWS services.

47. How long does it take CloudTrail to deliver an event for an API call?

    Typically, CloudTrail delivers an event within 15 minutes of the API call.

48. How often will CloudTrail deliver log files to my S3 bucket?

    CloudTrail delivers log files to your S3 bucket approximately every five minutes. Log files are only delivered if there have been API calls in your account.

49. Can I be notified when new log files are delivered to my S3 bucket?

    Yes, you can turn on Amazon SNS notifications to receive immediate notifications when new log files are delivered to your S3 bucket.

50. What happens if CloudTrail is turned on for my account but my S3 bucket is not configured with the correct policy?

    CloudTrail log files are delivered based on the S3 bucket policies in place. If your S3 bucket policies are misconfigured, CloudTrail may not be able to deliver log files to the bucket. Therefore, it's essential to configure the bucket with the correct policy.

51. What are data events?

    Data events are actions performed on resources within your AWS account, such as reading from or writing to S3 buckets, and are a type of event recorded by AWS CloudTrail.

52. How can I consume data events?

    Data events recorded by CloudTrail are delivered to Amazon S3, similar to management events. Once enabled, these data events can also be used in Amazon CloudWatch Events for alerting and automated responses.

53. What are S3 data events? How do I record them?

    S3 data events are specific to actions performed on Amazon S3 buckets, like object creation or deletion. You can record S3 data events by configuring your CloudTrail trail to include the desired S3 bucket activities.

54. What are Lambda data events? How do I record them?

    Lambda data events pertain to actions taken on AWS Lambda functions, such as invoking or updating a function. To record Lambda data events, you can configure your CloudTrail trail to include Lambda activities.

55. Can I add a delegated administrator to my organization?

    Yes, CloudTrail supports adding up to three delegated administrators per organization.

56. Who is the owner of an organization trail or event data store at the organizational level created by a delegated admin?

    The management account remains the owner of any organization trails or event data stores created at the organization level, regardless of whether they were created by a delegated admin account or the management account.

57. In which Regions is delegated administrator support available?

    Delegated administrator support for CloudTrail is available in all AWS Regions where AWS CloudTrail is available, except for China (Beijing, operated by Sinnet) and China (Ningxia, operated by NWCD).

58. What are CloudTrail Insights events?

    CloudTrail Insights events are events that help identify unusual or potentially unauthorized activities in your AWS account by analyzing CloudTrail logs.

59. What type of activity does CloudTrail Insights help identify?

    CloudTrail Insights helps identify potentially suspicious activities, anomalies, or security threats in your AWS account, allowing you to take immediate action.

60. How does CloudTrail Insights work with other AWS services that use anomaly detection?

    CloudTrail Insights works in conjunction with other AWS anomaly detection services, such as Amazon GuardDuty, to provide a more comprehensive view of security threats and unusual activities in your AWS environment.

61. Do I need to have CloudTrail set up for CloudTrail Insights to work?

    Yes, you need to have CloudTrail configured to capture and store your AWS account activity logs for CloudTrail Insights to work.

62. What kinds of events do CloudTrail Insights monitor?

    CloudTrail Insights primarily tracks unusual activity related to writing management API operations in your AWS account.

63. How do I get started with CloudTrail Insights?

    To get started with CloudTrail Insights, you can enable the feature in the AWS CloudTrail console, configure settings, and set up alerts for detected anomalies.

64. Why should I use CloudTrail Lake?

    CloudTrail Lake allows you to query and analyze AWS CloudTrail logs and AWS Config configuration items in a central and easily accessible data lake. It simplifies log and event data management and analysis.

65. How does this feature relate to and work with other AWS services?

    CloudTrail Lake works with AWS services like AWS Glue, Amazon Athena, and Amazon QuickSight to provide a comprehensive solution for querying and analyzing AWS CloudTrail and AWS Config data.

66. When do you recommend using AWS Config advanced query instead of CloudTrail Lake for querying configuration items from AWS Config?

    You should use AWS Config advanced query when you specifically need to query AWS Config configuration items. CloudTrail Lake is more suitable for querying AWS CloudTrail logs and related data.

67. If I enable ingestion of configuration items from AWS Config today into CloudTrail Lake, will Lake ingest my historical configuration items (generated before the creation of Lake) or collect only the newly recorded configuration items?

    CloudTrail Lake will ingest only the newly recorded configuration items from AWS Config after its activation. It won't collect historical configuration items generated before the creation of Lake.

68. Can I always know which user made a particular configuration change by querying CloudTrail Lake?

    Yes, you can use CloudTrail Lake to determine which user made a particular configuration change by analyzing the associated CloudTrail logs and events.

69. If I've used trails before, can I bring existing CloudTrail logs into my existing or new CloudTrail Lake event data store?

    No, CloudTrail Lake does not provide the capability to bring existing CloudTrail logs into an event data store. It is designed for processing and querying newly collected logs.

70. Does this import capability impact the original trail in S3?

    No, the import capability copies the log information from S3 to CloudTrail Lake without affecting the original trail in S3.

71. What CloudTrail events can I query after enabling the CloudTrail Lake feature?

    You can query AWS CloudTrail events and AWS Config data items in the CloudTrail Lake event data store.

72. After I enable the CloudTrail Lake feature, how long do I need to wait to begin writing queries?

    You can begin querying the activities that occur after enabling the feature almost immediately.

73. What are some of the common security and operational use cases that I can solve using CloudTrail Lake?

    Common use cases for CloudTrail Lake include security analysis, operational troubleshooting, compliance reporting, and forensic analysis of AWS CloudTrail and AWS Config data.

74. How do I get started with CloudTrail Lake?

    To get started with CloudTrail Lake, you should enable the feature in the AWS CloudTrail console and configure your settings.

75. I have multiple AWS accounts. I would like log files for all the accounts to be delivered to a single S3 bucket. Can I do that?

    Yes, you can configure one S3 bucket as the destination for log files from multiple AWS accounts, allowing centralized storage of logs.

76. What is CloudTrail integration with CloudWatch Logs?

    CloudTrail integration with CloudWatch Logs is a feature that delivers CloudTrail management and data events to a CloudWatch Logs log stream in a specified CloudWatch Logs log group.

77. What are the benefits of CloudTrail integration with CloudWatch Logs?

    CloudTrail integration with CloudWatch Logs allows you to receive SNS notifications of account activity captured by CloudTrail. You can set up CloudWatch alarms to monitor specific API calls and events in your AWS account.

78. How do I turn on CloudTrail integration with CloudWatch Logs?

    You can turn on CloudTrail integration with CloudWatch Logs from the CloudTrail console by specifying a CloudWatch Logs log group and an IAM role. You can also use the AWS SDKs or AWS CLI to enable this integration.

79. What happens when I turn on CloudTrail integration with CloudWatch Logs?

    Once enabled, CloudTrail events are delivered to the specified CloudWatch Logs log group and can trigger CloudWatch alarms and SNS notifications based on your configurations.

80. How does CloudTrail deliver events containing account activity to my CloudWatch Logs?

    CloudTrail assumes the IAM role you specify to deliver account activity to CloudWatch Logs. You should configure this IAM role with the necessary permissions to write to the specified CloudWatch Logs log group.

81. What charges do I incur once I turn on CloudTrail integration with CloudWatch Logs?

    When you enable CloudTrail integration with CloudWatch Logs, you may incur charges for the data transfer and the storage of logs in CloudWatch Logs. Be sure to review AWS pricing details to understand the costs associated with this feature.

82. Can I filter CloudTrail events before delivering them to CloudWatch Logs?

    Yes, you can apply CloudTrail event selectors to filter the CloudTrail events delivered to CloudWatch Logs based on specific criteria, such as event names, resources, and more.

83. How can I view and analyze the CloudTrail events delivered to CloudWatch Logs?

    You can use the CloudWatch Logs console, AWS SDKs, or AWS CLI to view and analyze CloudTrail events delivered to CloudWatch Logs. You can set up CloudWatch alarms, create visualizations, and run queries on the data.

84. Do I need to enable CloudTrail integration with CloudWatch Logs for each AWS Region separately?

    Yes, you need to enable CloudTrail integration with CloudWatch Logs separately for each AWS Region where you want to capture and monitor account activity.

85. What are the differences between using CloudWatch Logs for CloudTrail integration and CloudTrail Event History?

    CloudWatch Logs for CloudTrail integration focuses on real-time event delivery and monitoring. CloudTrail Event History provides a historical view of up to 90 days of account activity. Both can be used together to manage and analyze events effectively.

86. What is AWS Config?

    AWS Config is a service that assesses, audits, and evaluates the configurations of AWS resources within your account. It helps you maintain compliance, track resource changes, and understand the relationships between resources in your AWS environment.

87. What benefits does AWS Config offer?

    AWS Config offers benefits such as tracking resource changes, simplifying compliance reporting, monitoring resource configurations, and identifying security and compliance issues in your AWS environment.

88. What is a configuration item in AWS Config?

    A configuration item is a record of the configuration state of a resource in your AWS environment. It includes information about the resource, its attributes, and how it is related to other resources.

89. How does AWS Config gather configuration data?

    AWS Config gathers configuration data using configuration recorders, which are AWS-managed or custom-managed AWS Lambda functions that track and record resource configuration changes.

90. How can you get started with AWS Config?

    To get started with AWS Config, you can enable the service in the AWS Management Console, configure resource recording and delivery settings, and start monitoring and assessing your AWS environment.

91. What is a configuration rule in AWS Config?

    A configuration rule in AWS Config is a customizable rule that evaluates the configuration of AWS resources. It helps you check for compliance, monitor configurations, and automate remediation actions.

92. How can you create custom AWS Config rules?

    You can create custom AWS Config rules using AWS Lambda functions. By defining these functions, you can write your own custom rules that assess the configuration of AWS resources according to your organization's requirements.

93. What is the difference between AWS Config and AWS CloudTrail?

    AWS Config focuses on monitoring and assessing resource configurations, tracking changes, and evaluating compliance. AWS CloudTrail is primarily used for tracking API activity, logging user and service actions, and auditing AWS account events.

94. How do AWS Config and AWS CloudTrail work together?

    AWS Config and AWS CloudTrail work together by providing complementary services. Config tracks and assesses the configuration state of resources, while CloudTrail logs API activity and actions taken on resources. You can use both services to achieve comprehensive AWS environment monitoring.

95. What is the maximum retention period for AWS Config history records?

    The maximum retention period for AWS Config history records is seven years.

96. Can I use AWS Config to assess resource configurations in multiple AWS Regions and accounts?

    Yes, AWS Config can be used to assess resource configurations across multiple AWS Regions and accounts. It provides a centralized view of resource configurations and relationships.

97. What are AWS Organizations?

    AWS Organizations is a service that allows you to consolidate multiple AWS accounts into an organization that you create and centrally manage. It simplifies billing, cost management, and resource sharing across AWS accounts.

98. How can you use AWS Organizations with AWS Config and AWS CloudTrail?

    By creating an organization in AWS Organizations, you can centrally manage and consolidate AWS accounts. This simplifies the use of AWS Config and AWS CloudTrail by providing a unified view and management of resources and activities across multiple accounts.

99. What are AWS Organizations' management accounts and member accounts?

    In AWS Organizations, the management account is the main AWS account used to create and manage the organization. Member accounts are the AWS accounts that are added to the organization and are managed by the organization's policies.

100. What is AWS Config Aggregator, and how does it work?
     AWS Config Aggregator is a service that enables you to aggregate configuration and compliance data from multiple AWS accounts and Regions into a single account. It provides a unified view of resource configurations and compliance data for centralized monitoring and management.

101. How can I consolidate AWS Config data using AWS Config Aggregator?
     You can use AWS Config Aggregator to create an aggregator configuration, specify the source AWS accounts and Regions, and configure the delivery of aggregated configuration data to a central AWS account.

102. What are the benefits of using AWS Config Aggregator for data consolidation? AWS Config Aggregator simplifies data consolidation by allowing you to collect configuration and compliance data from multiple AWS accounts and Regions into a single account. It streamlines monitoring, analysis, and reporting across your AWS environment.

103. How does AWS Config store and manage configuration history data?
     AWS Config stores configuration history data in a central repository in the AWS account in which AWS Config is enabled. You can specify the retention period for this history data.

104. What are AWS Config delivery channels, and how are they configured?
     AWS Config delivery channels define the destinations where AWS Config records should be delivered, such as an S3 bucket, an SNS topic, or CloudWatch Logs. You can configure the delivery channel settings in the AWS Config console.

105. How can you view and analyze AWS Config data records?
     You can use the AWS Config console or AWS SDKs to view and analyze AWS Config data records, assess resource configurations, check compliance, and monitor changes.

106. What is an AWS Config rule?
     An AWS Config rule is a pre-defined or custom-defined criterion for evaluating the configuration settings of AWS resources. It helps ensure that resources comply with best practices, security standards, and organizational requirements.

107. How can you create and manage custom AWS Config rules?
     You can create custom AWS Config rules by writing AWS Lambda functions that evaluate the configuration of AWS resources based on your criteria. These Lambda functions are used to enforce your organization's specific requirements and policies.

108. What is AWS Config Managed Rules?
     AWS Config Managed Rules are pre-built, customizable rules provided by AWS Config. These rules are designed to check resource configurations and compliance with industry best practices, AWS security guidelines, and specific compliance frameworks.

109. How can you enable AWS Config Managed Rules?
     You can enable AWS Config Managed Rules in the AWS Config console by selecting the rules you want to use and specifying the AWS accounts and Regions where you want to evaluate resources.

110. Can I use both AWS Config and AWS CloudTrail to track AWS API activity?
     Yes, you can use both AWS Config and AWS CloudTrail simultaneously to monitor AWS API activity and track changes to AWS resources. Each service has its specific strengths and purposes, and they complement each other when used together.

111. How can AWS Config help with compliance and auditing of resources?
     AWS Config continuously assesses the configurations of AWS resources and can generate detailed configuration history and compliance reports. This data helps with audits and demonstrates compliance with security standards and policies.

112. How can I enable AWS Config for a new AWS account?
     To enable AWS Config for a new AWS account, log in to the AWS Management Console using the new account's credentials, navigate to the AWS Config console, and follow the setup process to enable the service.

113. What are AWS Config conformance packs?
     AWS Config conformance packs are sets of AWS Config rules and remediation actions that can be deployed together as a unit to ensure compliance with specific standards and requirements. Conformance packs are especially useful for organizations with complex compliance needs.

114. How can you use AWS Config conformance packs?
     You can use AWS Config conformance packs to deploy predefined or custom-defined compliance packs across multiple accounts and Regions to ensure consistent compliance with your organization's requirements.

115. What is the AWS Config console?
     The AWS Config console is a web-based interface that allows you to configure and manage AWS Config settings, view and analyze resource configurations, assess compliance, and track changes to AWS resources.

116. Can AWS Config record configurations and compliance data from multiple AWS Regions and accounts?
     Yes, AWS Config can be configured to record configurations and compliance data from multiple AWS Regions and accounts, providing a centralized and unified view of your AWS environment.

117. Can I create custom compliance rules for AWS Config?
     Yes, you can create custom compliance rules for AWS Config using AWS Lambda functions. These custom rules allow you to evaluate resource configurations according to your organization's specific requirements.

118. How can you automate the remediation of non-compliant resources with AWS Config?
     You can use AWS Config and AWS Lambda to automate the remediation of non-compliant resources. When non-compliance is detected, AWS Config can trigger AWS Lambda functions to execute remediation actions automatically.

119. Can AWS Config assess configurations and compliance of third-party resources or external systems?
     AWS Config is primarily designed to assess and monitor the configurations and compliance of AWS resources. However, custom compliance rules and integrations with external systems can be set up to assess configurations and compliance with third-party resources or external systems.

120. How does AWS Config handle resources that are deleted or no longer exist? AWS Config retains historical configuration data for deleted or non-existent resources, allowing you to review changes and configurations over time, even for resources that no longer exist in your AWS environment.

These questions and answers cover a wide range of topics related to AWS CloudTrail and AWS Config. If you have more specific questions or need additional information on any of these topics, please feel free to ask!