AWS Certified Security - Specialty Exam: Services for API Call Logging, Resource Discovery, and Auditing Credentials

API Call Logging, Resource Discovery, and Auditing Credentials

Question

Your company uses AWS to host its resources.

They have the following requirements:

  • Record all API calls and transitions.
  • Help in understanding what resources are in the account.
  • Provide a facility to audit credentials and logins.

Which services would satisfy these requirements?

Answers

  A. AWS Inspector, CloudTrail, IAM Credential Report
  B. CloudTrail, SNS, IAM Credential Report
  C. CloudTrail, AWS Config, IAM Credential Reports
  D. CloudTrail, SQS, IAM Credential Report

Explanations

Answer: C.

Option A is incorrect because the requirements call for a service that records all API calls.

Amazon Inspector is an automated security assessment service that helps improve the security and compliance of applications deployed on AWS, but it does not provide audit logs or reports.

Option B is incorrect because the requirements call for an AWS service that provides a resource inventory of the account.

SNS is a fully managed messaging service for both system-to-system and application-to-person (A2P) communication, but it cannot provide details of the resources in the account.

Option C is CORRECT because it satisfies all three requirements in the question.

AWS CloudTrail provides the API activity logs and reports, AWS Config provides the resource inventory of the account, and IAM credential reports allow auditing of credentials and logins.

Option D is incorrect because the requirements call for an AWS service that provides a resource inventory of the account.

SQS is a fully managed message queuing service that lets you decouple and scale microservices, distributed systems, and serverless applications, but it cannot provide details of the resources in the account.

For more information on CloudTrail, Config, and IAM credential reports, refer to the following URLs:

http://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-user-guide.htm
https://aws.amazon.com/config/
http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_getting-report.html

The correct answer for this question is C: CloudTrail, AWS Config, IAM Credential Reports.

Here is why the other options are not the correct answer:

Option A:

  • AWS Inspector is an automated security assessment service that helps improve the security and compliance of applications deployed on AWS; it doesn't fulfill any of the given requirements.
  • CloudTrail is the correct service for recording API calls and transitions.
  • IAM Credential Report is the correct service for auditing credentials and logins.

Option B:

  • CloudTrail is the correct service for recording API calls and transitions.
  • IAM Credential Report is the correct service for auditing credentials and logins.
  • AWS SNS (Simple Notification Service) is a messaging service that sends email or text messages to notify you of certain events. It doesn't satisfy any of the given requirements.

Option D:

  • AWS SQS (Simple Queue Service) is a fully managed message queuing service that lets you decouple and scale microservices, distributed systems, and serverless applications. It doesn't satisfy any of the given requirements.
  • IAM Credential Report is the correct service for auditing credentials and logins.
  • CloudTrail is the correct service for recording API calls and transitions.

Option C (Correct answer):

  • CloudTrail is the correct service for recording API calls and transitions.
  • AWS Config is a service that provides a detailed inventory of the resources in an AWS account and records configuration changes to those resources. It helps in understanding what resources are in the account.
  • IAM Credential Report is the correct service for auditing credentials and logins.

In summary, CloudTrail records API calls and transitions, IAM Credential Report allows auditing credentials and logins, and AWS Config provides a detailed inventory of the resources in an AWS account, which meets all the given requirements.
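As an added example (not part of the original question or explanation), the script below shows what "auditing credentials and logins" with an IAM credential report looks like in practice. The report is generated with `aws iam generate-credential-report` and fetched with `aws iam get-credential-report`, which returns a CSV whose column names the script uses; the CSV embedded here is constructed sample data with invented users, ARNs and dates, not a real report, and the 90-day thresholds and the fixed "now" are assumptions chosen so the output is reproducible.

```python
"""Audit an IAM credential report for missing MFA and stale or unused credentials.

The CSV format (column names) matches what `aws iam get-credential-report`
returns after base64-decoding. SAMPLE_REPORT below is constructed sample
data for this example, not a real report.
"""
import csv
import io
from datetime import datetime, timedelta, timezone

# Constructed sample report: users, ARNs, account ID and dates are invented.
SAMPLE_REPORT = """\
user,arn,user_creation_time,password_enabled,password_last_used,password_last_changed,password_next_rotation,mfa_active,access_key_1_active,access_key_1_last_rotated,access_key_1_last_used_date,access_key_1_last_used_region,access_key_1_last_used_service,access_key_2_active,access_key_2_last_rotated,access_key_2_last_used_date,access_key_2_last_used_region,access_key_2_last_used_service,cert_1_active,cert_1_last_rotated,cert_2_active,cert_2_last_rotated
<root_account>,arn:aws:iam::111122223333:root,2023-01-05T10:00:00+00:00,not_supported,2024-03-01T08:12:00+00:00,not_supported,not_supported,false,true,2023-01-05T10:00:00+00:00,N/A,N/A,N/A,false,N/A,N/A,N/A,N/A,false,N/A,false,N/A
alice,arn:aws:iam::111122223333:user/alice,2023-02-10T09:00:00+00:00,true,2024-05-20T14:30:00+00:00,2024-04-01T09:00:00+00:00,2024-06-30T09:00:00+00:00,true,true,2024-04-01T09:00:00+00:00,2024-05-20T14:31:00+00:00,us-east-1,s3,false,N/A,N/A,N/A,N/A,false,N/A,false,N/A
bob,arn:aws:iam::111122223333:user/bob,2022-06-15T12:00:00+00:00,true,2023-09-10T11:00:00+00:00,2022-06-15T12:00:00+00:00,N/A,false,true,2022-06-15T12:00:00+00:00,2023-09-10T11:05:00+00:00,eu-west-1,ec2,false,N/A,N/A,N/A,N/A,false,N/A,false,N/A
svc-deploy,arn:aws:iam::111122223333:user/svc-deploy,2023-11-01T00:00:00+00:00,false,no_information,N/A,N/A,false,true,2023-11-01T00:00:00+00:00,2024-05-25T03:00:00+00:00,us-east-1,lambda,true,2023-11-01T00:00:00+00:00,N/A,N/A,N/A,false,N/A,false,N/A
"""

# Assumed policy thresholds and a fixed evaluation time so results are reproducible.
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)
MAX_KEY_AGE = timedelta(days=90)
MAX_INACTIVITY = timedelta(days=90)


def parse_time(value):
    """Return a datetime for an ISO timestamp; None for N/A, no_information, not_supported."""
    try:
        return datetime.fromisoformat(value)
    except ValueError:
        return None


def audit_report(csv_text, now=NOW):
    """Return {user: [finding, ...]} for every principal with at least one finding."""
    findings = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        user = row["user"]
        issues = []
        if user == "<root_account>":
            # Root should have no access keys at all and must have MFA.
            if row["access_key_1_active"] == "true" or row["access_key_2_active"] == "true":
                issues.append("root account has an active access key")
            if row["mfa_active"] != "true":
                issues.append("root account has no MFA")
        else:
            if row["password_enabled"] == "true" and row["mfa_active"] != "true":
                issues.append("console password without MFA")
            last_login = parse_time(row["password_last_used"])
            if row["password_enabled"] == "true" and last_login and now - last_login > MAX_INACTIVITY:
                issues.append(f"console password unused for {(now - last_login).days} days")
        # Both access-key slots: flag old keys and keys that are never or no longer used.
        for n in ("1", "2"):
            if row[f"access_key_{n}_active"] != "true":
                continue
            rotated = parse_time(row[f"access_key_{n}_last_rotated"])
            if rotated and now - rotated > MAX_KEY_AGE:
                issues.append(f"access key {n} is {(now - rotated).days} days old")
            last_used = parse_time(row[f"access_key_{n}_last_used_date"])
            if last_used is None:
                issues.append(f"access key {n} has never been used")
            elif now - last_used > MAX_INACTIVITY:
                issues.append(f"access key {n} unused for {(now - last_used).days} days")
        if issues:
            findings[user] = issues
    return findings


if __name__ == "__main__":
    for user, issues in audit_report(SAMPLE_REPORT).items():
        print(user)
        for issue in issues:
            print("  -", issue)
```

On the sample data, alice is clean, bob is flagged for a console password without MFA plus a stale password and key, svc-deploy for keys past the rotation age and an unused second key, and the root account for having an access key at all and no MFA. Against a real account, replace SAMPLE_REPORT with the decoded CSV from `aws iam get-credential-report` and leave `now` at its default of the current time if you drop the fixed NOW.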