Company compliance requirements specify that database events such as connections, disconnections, tables queried, or types of queries issued (DML, DDL, or DCL) on an Aurora MySQL DB cluster must be retained for audit purposes. What is the optimal solution to accomplish this?

Answer options:

A.Use exec rdsadmin.manage_tracefiles.set_tracefile_table_location command to configure the tracefile_table view to point to the audit log trace file.Create a Lambda function to query the view and write the audit data to CloudWatch log group. Trigger the Lambda function using CloudWatch events.
B.Create a Lambda function to download the database audit log file using DownloadDBLogFilePortion API and write the audit data to CloudWatch log group.Trigger the Lambda function using CloudWatch events.
C.Update CloudTrail audit log trail for the RDS database to send the audit data to CloudWatch log group.
D.Create a custom DB cluster parameter group.Enable and configure Advanced Auditing parameters. Associate the custom parameter group with the Aurora RDS cluster.Modify the log export configuration of the RDS cluster to publish logs to CloudWatch.

Answer: D
Option A is incorrect because trace files contain information about background server processes.
Option B is incorrect because this is not the optimal solution. It requires the implementation of a custom Lambda function.
Option C is incorrect because CloudTrail does not contain database events and audit data. CloudTrail records log events performed on the RDS service.
Option D is CORRECT because Amazon Aurora RDS provides native capability to write audit logs to CloudWatch log groups. This functionality can be enabled and configured using a custom parameter group.
Reference:
https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/AuroraMySQL.Auditing.html