An IAM user made several configuration changes to AWS resources during a production deployment last week. A solutions architect discovered that a couple of security group rules are misconfigured and wants to confirm which IAM user made those changes. Which service should the solutions architect use to find this information?
Choose an answer
Tap an option to check your answer.
Correct answer: AWS CloudTrail.
Why this is the answer
AWS CloudTrail records API calls and related events made by users, roles, or AWS services in your AWS account. This makes it the ideal service for tracking who made specific configuration changes, including modifications to security group rules. CloudTrail logs provide details such as the event time, the IAM user or role that initiated the event, the source IP address, and the specific API operation performed. Amazon GuardDuty is a threat detection service that monitors for malicious activity and unauthorized behavior. Amazon Inspector is an automated security assessment service that helps improve the security and compliance of applications deployed on AWS. AWS Config continuously monitors and records your AWS resource configurations and allows you to automate the evaluation of recorded configurations against desired configurations, but it doesn't directly track the identity of the user who made a specific change in the same detailed way CloudTrail does for API calls.
Pass your exam — without the endless answer hunt
Get every verified question and explanation for this exam in one place, and save hours of prep. 1,000+ certifications · 20+ languages · free to start.
Pass your exam faster → No card needed