Record Source IP Addresses for DynamoDB Calls | AWS Certified DevOps Engineer Exam


Question

Your company has an application hosted in AWS which makes use of DynamoDB.

There is a requirement from the IT security department to ensure that all source IP addresses which make calls to the DynamoDB tables are recorded.

Which of the following services can be used to ensure this requirement is fulfilled?

Answers

A. AWS CodeCommit
B. AWS CodePipeline
C. AWS CloudTrail
D. AWS CloudWatch

Explanations

Answer - C.

The AWS Documentation mentions the following.

DynamoDB is integrated with CloudTrail, a service that captures low-level API requests made by or on behalf of DynamoDB in your AWS account and delivers the log files to an Amazon S3 bucket that you specify.

CloudTrail captures calls made from the DynamoDB console or from the DynamoDB low-level API.

Using the information collected by CloudTrail, you can determine what request was made to DynamoDB, the source IP address from which the request was made, who made the request, when it was made, and so on.

For more information on DynamoDB and CloudTrail, refer to the link below:

http://docs.aws.amazon.com/amazondynamodb/latest/developerguide/logging-using-cloudtrail.html

The correct answer is C. AWS CloudTrail.

Explanation:

AWS CloudTrail is a service that enables governance, compliance, operational auditing, and risk auditing of your AWS account. CloudTrail provides a record of actions taken by a user, role, or an AWS service in the account. This information includes the identity of the entity that performed the action, the time and date of the action, and the source IP address of the request.

By enabling CloudTrail, you can log all DynamoDB API calls made within your AWS account. This will allow you to track which users or services are making calls to DynamoDB, and from which IP addresses. This information can be used for security and compliance purposes, as well as for troubleshooting and performance optimization.

Option A, AWS CodeCommit, is a source control service that allows you to store and manage code in AWS. It is not related to recording source IP addresses for DynamoDB API calls.

Option B, AWS CodePipeline, is a continuous delivery service that helps you automate the building, testing, and deployment of your applications. It is not related to recording source IP addresses for DynamoDB API calls.

Option D, AWS CloudWatch, is a monitoring service that provides metrics, logs, and alarms for your AWS resources. It is not related to recording source IP addresses for DynamoDB API calls.

Therefore, the correct answer is C, AWS CloudTrail.
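To show what the security team actually gets from the delivered log files, here is an added example (not from the original page or the AWS documentation) that pulls the source address, caller and table out of DynamoDB records. The sample log, account ID, user names and the function name `dynamodb_callers` are constructed for illustration; the field names follow the CloudTrail record format.

```python
import ipaddress
import json
from collections import defaultdict

# Constructed sample in the CloudTrail log-file layout: {"Records": [...]}.
SAMPLE_LOG = json.dumps({"Records": [
    {"eventTime": "2024-01-01T10:00:00Z", "eventSource": "dynamodb.amazonaws.com",
     "eventName": "DescribeTable", "sourceIPAddress": "203.0.113.10",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/alice"},
     "requestParameters": {"tableName": "Orders"}},
    {"eventTime": "2024-01-01T10:05:00Z", "eventSource": "dynamodb.amazonaws.com",
     "eventName": "UpdateTable", "sourceIPAddress": "203.0.113.10",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/alice"},
     "requestParameters": {"tableName": "Orders"}},
    {"eventTime": "2024-01-01T11:00:00Z", "eventSource": "dynamodb.amazonaws.com",
     "eventName": "CreateTable", "sourceIPAddress": "cloudformation.amazonaws.com",
     "userIdentity": {"arn": "arn:aws:sts::111122223333:assumed-role/deploy/cfn"},
     "requestParameters": {"tableName": "Sessions"}},
    {"eventTime": "2024-01-01T11:30:00Z", "eventSource": "s3.amazonaws.com",
     "eventName": "CreateBucket", "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/bob"},
     "requestParameters": {"bucketName": "example-bucket"}},
    {"eventTime": "2024-01-01T12:00:00Z", "eventSource": "dynamodb.amazonaws.com",
     "eventName": "ListTables", "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/bob"},
     "requestParameters": None},
]})

def dynamodb_callers(log_text):
    """Group DynamoDB events by sourceIPAddress and flag sources that are not IPs."""
    callers = defaultdict(lambda: {"kind": None, "calls": []})
    for rec in json.loads(log_text).get("Records", []):
        if rec.get("eventSource") != "dynamodb.amazonaws.com":
            continue  # other services share the same log files
        src = rec.get("sourceIPAddress", "unknown")
        try:
            ipaddress.ip_address(src)
            kind = "ip"
        except ValueError:
            kind = "non-ip"  # e.g. the DNS name of an AWS service that made the call
        params = rec.get("requestParameters") or {}  # may be null in the log
        arn = (rec.get("userIdentity") or {}).get("arn")
        callers[src]["kind"] = kind
        callers[src]["calls"].append(
            (rec.get("eventTime"), rec.get("eventName"), arn, params.get("tableName")))
    return dict(callers)

if __name__ == "__main__":
    for src, info in dynamodb_callers(SAMPLE_LOG).items():
        print(src, info["kind"], info["calls"])
```

Item-level operations such as GetItem and PutItem are CloudTrail data events, so they appear in the logs only when data events for DynamoDB are enabled on the trail.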