Configuring and Monitoring Route Tables in AWS: Best Practices

Recording Changes to VPC Route Tables

Question

Whilst working on a collaborative project, an administrator would like to record the initial configuration and several authorized changes that engineers make to the route table of a VPC.

What is the best method to achieve this?

Answers

A. Use AWS Config to record the route table's configuration and its change history.
B. Use VPC Flow Logs.
C. Use AWS CloudTrail.
D. Use an AWS Lambda function that writes a log file to an S3 bucket each time the configuration changes.

Explanations

Correct Answer - A.

AWS Config records configuration changes to supported AWS resources, including route tables (resource type AWS::EC2::RouteTable), storing each version as a date-stamped configuration item in a reviewable per-resource history. The one prerequisite is that the configuration recorder is enabled for that resource type (or for all supported types) in the region before the first change is made; Config cannot back-fill versions it was not recording.

This makes it the best method to meet the scenario requirements.

https://aws.amazon.com/config/

Option B is incorrect because VPC Flow Logs only capture metadata about the IP traffic to and from network interfaces in the VPC (addresses, ports, protocol, byte counts, and the accept/reject decision).

VPC Flow Logs do not capture configuration changes made to route tables.

https://docs.aws.amazon.com/vpc/latest/userguide/flow-logs.html

Option C is incorrect because AWS CloudTrail captures identity and API activity in the AWS account: who called which API, when, and from where.

A record of individual API calls is not the best way to keep a history of the resulting configuration; reconstructing the state of a route table from a series of CreateRoute, ReplaceRoute and DeleteRoute calls means replaying events, whereas AWS Config stores each full version directly.

https://aws.amazon.com/cloudtrail/

Option D is incorrect because a Lambda function that writes each configuration change to S3 could meet the requirement, but it is not the best method.

It requires custom code to be triggered, maintained and monitored, whereas AWS Config delivers the same history with far less administrative effort.
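The review the scenario asks for is a diff between consecutive versions of the route table that AWS Config stored. The following is an added example (not code from the original question or from AWS) that performs that diff. The two records are constructed to mirror the shape of `aws configservice get-resource-config-history --resource-type AWS::EC2::RouteTable` output, a list of configurationItems whose `configuration` field is a JSON string; every ID and CIDR in them is made up.

```python
"""Diff the version history that AWS Config keeps for a VPC route table.

Added example for this page, not code from the original question or from AWS.
The records in SAMPLE_HISTORY are constructed; IDs and CIDRs are made up.
"""
import json
from typing import Dict, List

# A route names its target under one of these keys ("local" is a gatewayId).
TARGET_KEYS = (
    "gatewayId", "natGatewayId", "transitGatewayId", "vpcPeeringConnectionId",
    "networkInterfaceId", "instanceId", "egressOnlyInternetGatewayId",
    "localGatewayId", "carrierGatewayId", "vpcEndpointId", "coreNetworkArn",
)

LOCAL_ROUTE = {"destinationCidrBlock": "10.0.0.0/16", "gatewayId": "local",
               "state": "active", "origin": "CreateRouteTable"}

# Constructed sample history, newest first (the CLI's default ordering).
SAMPLE_HISTORY: List[dict] = [
    {
        "resourceType": "AWS::EC2::RouteTable",
        "resourceId": "rtb-0123456789abcdef0",
        "configurationItemCaptureTime": "2024-05-03T14:20:00Z",
        "configurationItemStatus": "OK",
        "configuration": json.dumps({
            "routeTableId": "rtb-0123456789abcdef0",
            "vpcId": "vpc-0abc0abc0abc0abc0",
            "routes": [
                LOCAL_ROUTE,
                {"destinationCidrBlock": "0.0.0.0/0", "natGatewayId": "nat-0ccccccccccccccccc",
                 "state": "active", "origin": "CreateRoute"},
                {"destinationCidrBlock": "192.168.0.0/16", "transitGatewayId": "tgw-0bbbbbbbbbbbbbbbb",
                 "state": "active", "origin": "CreateRoute"},
            ],
        }),
    },
    {
        "resourceType": "AWS::EC2::RouteTable",
        "resourceId": "rtb-0123456789abcdef0",
        "configurationItemCaptureTime": "2024-05-01T10:00:00Z",
        "configurationItemStatus": "ResourceDiscovered",
        "configuration": json.dumps({
            "routeTableId": "rtb-0123456789abcdef0",
            "vpcId": "vpc-0abc0abc0abc0abc0",
            "routes": [
                LOCAL_ROUTE,
                {"destinationCidrBlock": "0.0.0.0/0", "gatewayId": "igw-0aaaaaaaaaaaaaaaa",
                 "state": "active", "origin": "CreateRoute"},
            ],
        }),
    },
]


def route_targets(configuration: str) -> Dict[str, str]:
    """Map each route's destination to its target for one configuration item."""
    targets: Dict[str, str] = {}
    for route in json.loads(configuration).get("routes", []):
        dest = (route.get("destinationCidrBlock")
                or route.get("destinationIpv6CidrBlock")
                or route.get("destinationPrefixListId"))
        target = next((route[k] for k in TARGET_KEYS if route.get(k)), None)
        if route.get("state") != "active":
            # A route whose target disappeared stays in the table as a blackhole;
            # keep that visible so the diff reports the state flip as a change.
            target = f"blackhole({target})"
        targets[dest] = target
    return targets


def diff_history(history: List[dict]) -> List[dict]:
    """Sort versions oldest first and report route additions, removals and
    target changes between each consecutive pair."""
    ordered = sorted(history, key=lambda ci: ci["configurationItemCaptureTime"])
    changes = []
    for before, after in zip(ordered, ordered[1:]):
        old = route_targets(before["configuration"])
        new = route_targets(after["configuration"])
        changes.append({
            "from": before["configurationItemCaptureTime"],
            "to": after["configurationItemCaptureTime"],
            "added": {d: new[d] for d in new.keys() - old.keys()},
            "removed": {d: old[d] for d in old.keys() - new.keys()},
            "changed": {d: (old[d], new[d]) for d in old.keys() & new.keys() if old[d] != new[d]},
        })
    return changes


def default_route_changes(changes: List[dict]) -> List[dict]:
    """Versions that touch the default route are the ones to review first."""
    return [c for c in changes
            if any("0.0.0.0/0" in c[k] for k in ("added", "removed", "changed"))]


if __name__ == "__main__":
    for c in diff_history(SAMPLE_HISTORY):
        print(f"{c['from']} -> {c['to']}: +{c['added']} -{c['removed']} ~{c['changed']}")
```

Sorting by capture time matters because the CLI returns history newest first; diffing in the returned order would invert every change. On the sample data the diff shows the default route moving from the internet gateway to a NAT gateway and a new transit-gateway route being added, which is exactly the kind of authorized change the administrator wants on record.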

To record the initial configuration and the authorized changes made to the route table of a VPC in a collaborative project, the best method is to use AWS Config, with AWS CloudTrail as the complementary record of who made each change.

AWS CloudTrail is a service that enables governance, compliance, operational auditing, and risk auditing of AWS account activities. It records API calls and events made in an AWS account and delivers the log files to an Amazon S3 bucket, CloudWatch Logs, or a partner security information and event management (SIEM) tool. CloudTrail logs provide valuable information about the activities that occur in your AWS account, including who made the request, when they made it, and what resources were affected.
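What CloudTrail contributes is attribution: the actor, time and source address of each route-table API call. The following is an added example (not code from the original question or from AWS) that pulls route-table writes out of a CloudTrail log file. The records are constructed in the shape of a delivered CloudTrail file (`{"Records": [...]}`); the account ID, ARNs, resource IDs and IP addresses are made up.

```python
"""Extract route-table mutations, and who made them, from CloudTrail records.

Added example for this page, not code from the original question or from AWS.
SAMPLE_LOG is constructed; account ID, ARNs, IDs and addresses are made up.
"""
import json
from typing import Dict, List

# EC2 API calls that alter a route table or what it applies to.
# Describe* calls are reads and are deliberately left out.
ROUTE_TABLE_WRITES = {
    "CreateRoute", "ReplaceRoute", "DeleteRoute",
    "AssociateRouteTable", "DisassociateRouteTable", "ReplaceRouteTableAssociation",
    "CreateRouteTable", "DeleteRouteTable",
    "EnableVgwRoutePropagation", "DisableVgwRoutePropagation",
}

ALICE = "arn:aws:sts::111122223333:assumed-role/NetworkEngineer/alice"
BOB = "arn:aws:sts::111122223333:assumed-role/NetworkEngineer/bob"
CONTRACTOR = "arn:aws:iam::111122223333:user/contractor"

SAMPLE_LOG = json.dumps({"Records": [
    {
        "eventTime": "2024-05-03T14:19:58Z", "eventSource": "ec2.amazonaws.com",
        "eventName": "ReplaceRoute",
        "userIdentity": {"type": "AssumedRole", "arn": ALICE},
        "sourceIPAddress": "203.0.113.10",
        "requestParameters": {"routeTableId": "rtb-0123456789abcdef0",
                              "destinationCidrBlock": "0.0.0.0/0",
                              "natGatewayId": "nat-0ccccccccccccccccc"},
        "responseElements": {"_return": True},
    },
    {
        "eventTime": "2024-05-03T14:19:59Z", "eventSource": "ec2.amazonaws.com",
        "eventName": "DescribeRouteTables",
        "userIdentity": {"type": "AssumedRole", "arn": ALICE},
        "sourceIPAddress": "203.0.113.10",
        "requestParameters": {"routeTableIdSet": {"items": [{"routeTableId": "rtb-0123456789abcdef0"}]}},
        "responseElements": None,
    },
    {
        "eventTime": "2024-05-03T14:20:01Z", "eventSource": "ec2.amazonaws.com",
        "eventName": "CreateRoute",
        "userIdentity": {"type": "AssumedRole", "arn": BOB},
        "sourceIPAddress": "203.0.113.11",
        "requestParameters": {"routeTableId": "rtb-0123456789abcdef0",
                              "destinationCidrBlock": "192.168.0.0/16",
                              "transitGatewayId": "tgw-0bbbbbbbbbbbbbbbb"},
        "responseElements": {"_return": True},
    },
    {
        # A denied attempt: CloudTrail still records it, with an errorCode.
        "eventTime": "2024-05-03T15:02:40Z", "eventSource": "ec2.amazonaws.com",
        "eventName": "DeleteRoute",
        "userIdentity": {"type": "IAMUser", "arn": CONTRACTOR},
        "sourceIPAddress": "198.51.100.7",
        "requestParameters": {"routeTableId": "rtb-0123456789abcdef0",
                              "destinationCidrBlock": "0.0.0.0/0"},
        "errorCode": "Client.UnauthorizedOperation",
        "errorMessage": "You are not authorized to perform this operation.",
    },
]})


def route_table_changes(log_text: str) -> List[Dict]:
    """One entry per route-table write call, with the actor and that call's
    parameters. Failed calls are kept with succeeded=False so denied attempts
    remain visible to a reviewer."""
    out: List[Dict] = []
    for rec in json.loads(log_text)["Records"]:
        if rec.get("eventSource") != "ec2.amazonaws.com":
            continue
        if rec.get("eventName") not in ROUTE_TABLE_WRITES:
            continue
        params = rec.get("requestParameters") or {}
        out.append({
            "time": rec["eventTime"],
            "action": rec["eventName"],
            "actor": rec.get("userIdentity", {}).get("arn"),
            "source_ip": rec.get("sourceIPAddress"),
            "route_table": params.get("routeTableId"),
            "parameters": params,
            "succeeded": "errorCode" not in rec,
        })
    return out


def actors_by_route_table(changes: List[Dict]) -> Dict[str, List[str]]:
    """Who successfully changed each route table, in order of first appearance."""
    seen: Dict[str, List[str]] = {}
    for c in changes:
        if not c["succeeded"]:
            continue
        actors = seen.setdefault(c["route_table"], [])
        if c["actor"] not in actors:
            actors.append(c["actor"])
    return seen


if __name__ == "__main__":
    for c in route_table_changes(SAMPLE_LOG):
        status = "ok" if c["succeeded"] else "DENIED"
        print(f"{c['time']} {c['action']:<14} {status:<6} {c['actor']} {c['parameters']}")
```

Note what each entry contains: the parameters of that one call, not the full route table after it. Answering "what did the table look like on 2 May?" from this output means replaying every prior call, which is the gap AWS Config's versioned history closes; CloudTrail's value here is the actor, source address and the denied DeleteRoute attempt, which no configuration snapshot would ever show.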

AWS Config is a service that enables you to assess, audit, and evaluate the configurations of your AWS resources. It keeps an inventory of resources and a per-resource configuration history: each time a recorded resource such as a route table (resource type AWS::EC2::RouteTable) changes, Config stores a new date-stamped configuration item, so the initial state and every subsequent authorized change can be reviewed side by side. Config does not itself record the API calls that caused a change, but its resource timeline links each change to the related CloudTrail events, so the two services complement rather than replace each other.

VPC Flow Logs capture information about the IP traffic going to and from network interfaces in a VPC. They can help you troubleshoot connectivity issues and monitor network traffic. However, they do not provide information about changes made to the route table.

An AWS Lambda function can be used to save a log file to an S3 bucket each time configuration changes are made, but this requires writing and maintaining custom code to detect the changes, and it is unlikely to be as complete or as reliable as the history a managed service like AWS Config keeps.

Therefore, the best method for recording the initial configuration and the authorized changes made to the route table of a VPC in a collaborative project is to use AWS Config, with AWS CloudTrail providing the complementary record of who made each change.