List of AWS Resources in Your Account | Efficient Method for IT Auditing

Efficient Method for Getting a List of AWS Resources in Your Account

Question

A company manages many AWS resources.

The IT audit department has requested a list of all resources in the AWS account.

How can this be achieved efficiently?

Answers

A. Create a PowerShell script using AWS CLI to query and list all resources based on tags.

B. Create a bash shell script with AWS CLI to get all resources in all AWS regions and store the results in an S3 bucket.

C. Use CloudTrail to get the list of all resources.

D. Use AWS Config to get the list of all resources.

Explanations

Answer: D.

Options A and B are incorrect because they are inefficient: there is no single CLI call that returns every resource, so a script has to call each service's own List or Describe API in every Region and stitch the output together, and option A additionally misses anything that was never tagged.

Option C is incorrect because AWS CloudTrail logs API activity in your AWS account; it records a history of calls, not the current state of resources. A resource list would have to be reconstructed from Create and Delete events, and anything created before logging started would be missing.

Option D is CORRECT because AWS Config keeps an inventory of the supported resource types in your AWS account as configuration items, discovering the resources that already exist when recording is turned on. The inventory can be read from the console, from the list-discovered-resources API, or with advanced queries. Two caveats apply: only supported resource types are recorded, and Config is enabled per Region, so a multi-Region or multi-account view needs a configuration aggregator.

For more information on AWS Config, kindly refer to the below URL:

https://docs.aws.amazon.com/config/latest/developerguide/how-does-config-work.html

Each of the four options can produce some form of resource list; they differ in how much work they take and how complete the result is. The best approach depends on the specific requirements and constraints of the organization.

A. Create a PowerShell script using AWS CLI to query and list all resources based on tags. This approach uses the AWS CLI to gather information about the resources in the account, and tags make it possible to filter the results down to a specific list. However, it is slow when there are many resources, and it only finds what has been tagged: if the tagging policy is not well-defined or enforced, untagged resources are simply absent from the audit list.

B. Create a bash shell script with AWS CLI to get all resources in all AWS regions and store the results in an S3 bucket. This approach can produce a comprehensive list and stores the results in a centralized location for future reference. However, the script must loop over every Region and call each service's own List or Describe API, so it is resource-intensive in an account with many resources, it must be maintained as new services are adopted, and it requires additional permissions to write to S3.

C. Use CloudTrail to get the list of all resources. This approach uses CloudTrail's record of API activity in the account, including resource creation and deletion. By parsing the CloudTrail logs it is possible to reconstruct a list of resources, but the result is only the net of Create and Delete events inside the log window, not the account's current state, and every service needs its own extraction logic because each API reports resource identifiers differently. This is complex, especially if the logs are spread across many trails or the account has many users and resources.
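The reconstruction described above, as an added example that is not part of the original page: it replays constructed CloudTrail records, applies one extraction rule per known mutating call, discards failed calls, and reports the mutating calls it had no rule for. The record shapes follow the CloudTrail format for RunInstances, TerminateInstances, CreateBucket and DeleteBucket; the account number, ARNs and resource IDs are made up.

```python
"""Rebuild a resource list from CloudTrail records (added example, not code from
the original page). Each mutating API call needs its own extraction rule, failed
calls must be discarded, and the result is only the net of Create/Delete events
inside the log window, not the account's current state. Records are constructed."""
import json
from typing import Callable, Dict, List, Tuple

ResourceKey = Tuple[str, str, str]  # (awsRegion, resourceType, resourceId)


def _ec2_instance_ids(record: Dict, section: str) -> List[str]:
    """EC2 puts instance IDs under <section>.instancesSet.items[].instanceId."""
    items = (record.get(section) or {}).get("instancesSet", {}).get("items", [])
    return [item["instanceId"] for item in items]


def _bucket_name(record: Dict, section: str) -> List[str]:
    return [record[section]["bucketName"]]


# (eventSource, eventName) -> (action, resource type, extractor, record section).
# Four rules cover two services; a real inventory needs one per mutating call
# of every service in use, which is the hidden cost of this approach.
RULES: Dict[Tuple[str, str], Tuple[str, str, Callable[[Dict, str], List[str]], str]] = {
    ("ec2.amazonaws.com", "RunInstances"):
        ("create", "AWS::EC2::Instance", _ec2_instance_ids, "responseElements"),
    ("ec2.amazonaws.com", "TerminateInstances"):
        ("delete", "AWS::EC2::Instance", _ec2_instance_ids, "requestParameters"),
    ("s3.amazonaws.com", "CreateBucket"):
        ("create", "AWS::S3::Bucket", _bucket_name, "requestParameters"),
    ("s3.amazonaws.com", "DeleteBucket"):
        ("delete", "AWS::S3::Bucket", _bucket_name, "requestParameters"),
}
MUTATING_PREFIXES = ("Create", "Run", "Delete", "Terminate")


def parse_cloudtrail_document(text: str) -> List[Dict]:
    """CloudTrail delivers (gzipped) JSON documents of the form {"Records": [...]}."""
    return json.loads(text)["Records"]


def reconstruct(records: List[Dict]) -> Tuple[Dict[ResourceKey, Dict], List[str]]:
    """Replay records in time order. Returns the resources believed live at the
    end of the window and the mutating call names no rule understood, i.e.
    resources that are silently missing from the list."""
    live: Dict[ResourceKey, Dict] = {}
    unhandled: List[str] = []
    for rec in sorted(records, key=lambda r: r["eventTime"]):
        if rec.get("errorCode"):
            continue  # a denied or failed call created nothing
        rule = RULES.get((rec["eventSource"], rec["eventName"]))
        if rule is None:
            if rec["eventName"].startswith(MUTATING_PREFIXES):
                unhandled.append(rec["eventName"])
            continue
        action, resource_type, extract, section = rule
        for resource_id in extract(rec, section):
            key = (rec["awsRegion"], resource_type, resource_id)
            if action == "create":
                live[key] = {"created": rec["eventTime"],
                             "by": rec.get("userIdentity", {}).get("arn", "unknown")}
            else:
                live.pop(key, None)
    return live, unhandled


# Constructed sample: identifiers and the account number are made up.
_ALICE = {"arn": "arn:aws:iam::111122223333:user/alice"}
SAMPLE_RECORDS = [
    {"eventTime": "2024-01-10T10:00:00Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "RunInstances", "awsRegion": "us-east-1", "userIdentity": _ALICE,
     "responseElements": {"instancesSet": {"items": [
         {"instanceId": "i-0aaa111122223333a"}, {"instanceId": "i-0bbb111122223333b"}]}}},
    {"eventTime": "2024-01-11T08:30:00Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "TerminateInstances", "awsRegion": "us-east-1", "userIdentity": _ALICE,
     "requestParameters": {"instancesSet": {"items": [{"instanceId": "i-0bbb111122223333b"}]}}},
    {"eventTime": "2024-01-09T09:00:00Z", "eventSource": "s3.amazonaws.com",
     "eventName": "CreateBucket", "awsRegion": "us-east-1", "userIdentity": _ALICE,
     "requestParameters": {"bucketName": "audit-evidence-111122223333"}},
    {"eventTime": "2024-01-09T09:05:00Z", "eventSource": "s3.amazonaws.com",
     "eventName": "CreateBucket", "awsRegion": "us-east-1", "userIdentity": _ALICE,
     "errorCode": "BucketAlreadyExists", "requestParameters": {"bucketName": "taken-name"}},
    {"eventTime": "2024-01-12T14:00:00Z", "eventSource": "rds.amazonaws.com",
     "eventName": "CreateDBInstance", "awsRegion": "us-east-1", "userIdentity": _ALICE,
     "requestParameters": {"dBInstanceIdentifier": "orders-db"}},
    {"eventTime": "2024-01-12T07:00:00Z", "eventSource": "signin.amazonaws.com",
     "eventName": "ConsoleLogin", "awsRegion": "us-east-1", "userIdentity": _ALICE},
]
SAMPLE_DOCUMENT = json.dumps({"Records": SAMPLE_RECORDS})

if __name__ == "__main__":
    live_resources, missed = reconstruct(parse_cloudtrail_document(SAMPLE_DOCUMENT))
    for (region, rtype, rid), info in sorted(live_resources.items()):
        print(f"{region:12} {rtype:24} {rid}  created {info['created']} by {info['by']}")
    print("mutating calls without a rule:", missed)
```

On the sample the replay yields one instance and one bucket, drops the terminated instance and the failed CreateBucket, and reports CreateDBInstance as a mutating call it could not parse; the RDS instance exists in the account but not in the list, which is exactly the gap an auditor cannot tolerate.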

D. Use AWS Config to get the list of all resources. This approach uses AWS Config to track resource inventory and configuration changes in the account. Once the configuration recorder is turned on, Config discovers the supported resources that already exist and then records every change, so the inventory can be pulled from the console, the list-discovered-resources API, or an advanced query. It requires additional setup: the recorder must be enabled in each Region (a configuration aggregator consolidates Regions and accounts), and only the resource types Config supports appear in the inventory.
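Pulling the inventory with an advanced query, as an added example that is not code from the original page and serves both the explanation of option D and the paragraph above. It assumes the Config recorder is already running in the target Region (or that a configuration aggregator with the name the caller passes exists) and that the caller holds config:SelectResourceConfig or config:SelectAggregateResourceConfig. boto3 is only needed for the live path in main(); the fake client, its two pages and the account number are constructed so the rest runs offline.

```python
"""Inventory an AWS account from AWS Config's advanced query API (added example)."""
import json
from collections import Counter
from typing import Dict, List, Optional

# Advanced query syntax accepted by select_resource_config. These five
# properties are present for every recorded resource type.
INVENTORY_QUERY = "SELECT resourceId, resourceName, resourceType, awsRegion, accountId"


def fetch_inventory(config_client, expression: str = INVENTORY_QUERY,
                    aggregator: Optional[str] = None,
                    page_size: int = 100) -> List[Dict]:
    """Run the query and follow NextToken until the last page.

    Each element of the response's Results list is a JSON *string*, not a
    dict, so it must be decoded. With an aggregator name the aggregate
    variant is used, which spans Regions and accounts in one call.
    """
    rows: List[Dict] = []
    kwargs = {"Expression": expression, "Limit": page_size}  # Limit max is 100
    if aggregator:
        kwargs["ConfigurationAggregatorName"] = aggregator
    while True:
        if aggregator:
            resp = config_client.select_aggregate_resource_config(**kwargs)
        else:
            resp = config_client.select_resource_config(**kwargs)
        rows.extend(json.loads(item) for item in resp.get("Results", []))
        token = resp.get("NextToken")
        if not token:
            return rows
        kwargs["NextToken"] = token


def count_by_type(rows: List[Dict]) -> Dict[str, int]:
    """Auditor-friendly roll-up: how many resources of each type exist."""
    return dict(Counter(row["resourceType"] for row in rows))


def count_by_region(rows: List[Dict]) -> Dict[str, int]:
    """Where the resources live; Regions nobody expected are a common finding."""
    return dict(Counter(row["awsRegion"] for row in rows))


class FakeConfigClient:
    """Constructed stand-in for boto3's 'config' client so the example runs
    offline. It serves two pages to exercise the NextToken loop; the resource
    IDs and account number are made up."""

    _PAGE_ONE = {
        "Results": [
            json.dumps({"resourceId": "i-0a1b2c3d4e5f67890", "resourceName": "web-1",
                        "resourceType": "AWS::EC2::Instance", "awsRegion": "us-east-1",
                        "accountId": "111122223333"}),
            json.dumps({"resourceId": "audit-evidence-111122223333",
                        "resourceName": "audit-evidence-111122223333",
                        "resourceType": "AWS::S3::Bucket", "awsRegion": "us-east-1",
                        "accountId": "111122223333"}),
        ],
        "NextToken": "page-2",
    }
    _PAGE_TWO = {  # no NextToken: this is the last page
        "Results": [
            json.dumps({"resourceId": "sg-0f1e2d3c4b5a69788", "resourceName": "legacy-sg",
                        "resourceType": "AWS::EC2::SecurityGroup", "awsRegion": "eu-west-1",
                        "accountId": "111122223333"}),
        ],
    }

    def __init__(self) -> None:
        self.calls: List[Dict] = []

    def select_resource_config(self, **kwargs):
        self.calls.append(dict(kwargs))
        return self._PAGE_TWO if kwargs.get("NextToken") == "page-2" else self._PAGE_ONE

    def select_aggregate_resource_config(self, **kwargs):
        return self.select_resource_config(**kwargs)


if __name__ == "__main__":
    import boto3  # only needed for the live run against a real account
    inventory = fetch_inventory(boto3.client("config"))
    for resource_type, n in sorted(count_by_type(inventory).items()):
        print(f"{n:6d}  {resource_type}")
```

Run against a real account the script prints one line per recorded resource type; pass aggregator="<your aggregator name>" to fetch_inventory to cover every Region and account the aggregator collects, which is the usual shape of an audit request.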

In summary, each approach has its own advantages and disadvantages, but for an audit inventory AWS Config is the efficient choice: it is the only option that maintains a current, queryable list of resources without custom scripting. CloudTrail can reconstruct history but not current state, and tag-based or Region-by-Region scripts are slow to run and easy to get wrong.