AWS Resource Report | IT Audit | Company's Resources

AWS Resource Report

Question

Your company has multiple accounts in various regions that contain resources such as EC2, CloudWatch, DynamoDB, EBS, Redshift, RDS, S3, Elastic Beanstalk, IAM, Auto Scaling, and Elastic Load Balancer.

The IT Audit department requires a report of all the resources that are used by your company.

Which of the following will help you to provide a report in the easiest way?

Answers

Explanations


A. B. C. D.

Answer is D.

Option A is incorrect because the solution would only present resources with a production tag and would exclude the rest of the resources that the audit requires.

Option B is incorrect because the question requires us to obtain the report most easily and this option complicates the solution.

Option C is incorrect because AWS CloudTrail is used to log all the API activity but does not provide a report on the services used.

Option D is CORRECT because AWS Config makes it easy to monitor the AWS resources across multiple accounts and regions using the multi-account, multi-region data aggregation capability.

You can create a configuration aggregator in any account and aggregate the details from other accounts.
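The following is an added example, not part of the original explanation or any AWS sample code. It queries a configuration aggregator through the real `select_aggregate_resource_config` API and builds the audit summary. The helper names, expected scopes, account IDs and resource IDs are constructed for illustration.

```python
import json
from collections import Counter

# AWS Config advanced-query expression over standard resource properties.
QUERY = "SELECT accountId, awsRegion, resourceType, resourceId"

def fetch_inventory(aggregator_name):
    """Page through every resource the aggregator knows about."""
    import boto3  # imported lazily so the report helpers run without the SDK
    client = boto3.client("config")
    rows = []
    kwargs = {"Expression": QUERY, "ConfigurationAggregatorName": aggregator_name}
    while True:
        page = client.select_aggregate_resource_config(**kwargs)
        rows.extend(json.loads(r) for r in page["Results"])  # each result is a JSON string
        if not page.get("NextToken"):
            return rows
        kwargs["NextToken"] = page["NextToken"]

def summarise(rows):
    """Total plus counts per resource type and per (account, region)."""
    def ordered(counter):
        return sorted(counter.items(), key=lambda kv: (-kv[1], kv[0]))
    by_type = Counter(r["resourceType"] for r in rows)
    by_scope = Counter((r["accountId"], r["awsRegion"]) for r in rows)
    return {"total": len(rows), "by_type": ordered(by_type), "by_scope": ordered(by_scope)}

def uncovered(rows, expected_scopes):
    """Expected (account, region) pairs with no rows: check that the Config
    recorder is on there and that the source account authorized the aggregator."""
    seen = {(r["accountId"], r["awsRegion"]) for r in rows}
    return sorted(set(expected_scopes) - seen)

# Constructed sample data in the shape the API returns (list of JSON strings).
SAMPLE_RESULTS = [json.dumps(dict(zip(("accountId", "awsRegion", "resourceType", "resourceId"), t))) for t in [
    ("111111111111", "us-east-1", "AWS::EC2::Subnet", "subnet-0a"),
    ("111111111111", "us-east-1", "AWS::EC2::SecurityGroup", "sg-0a"),
    ("111111111111", "us-east-1", "AWS::S3::Bucket", "example-audit-logs"),
    ("222222222222", "eu-west-1", "AWS::EC2::Subnet", "subnet-0b"),
    ("222222222222", "eu-west-1", "AWS::EC2::SecurityGroup", "sg-0b"),
    ("222222222222", "eu-west-1", "AWS::EC2::Subnet", "subnet-0c"),
]]
SAMPLE_ROWS = [json.loads(r) for r in SAMPLE_RESULTS]
EXPECTED = [("111111111111", "us-east-1"), ("222222222222", "eu-west-1"),
            ("222222222222", "us-east-1")]

if __name__ == "__main__":
    # Replace SAMPLE_ROWS with fetch_inventory("<aggregator-name>") for live data.
    print(json.dumps(summarise(SAMPLE_ROWS), indent=2))
    print("No data from:", uncovered(SAMPLE_ROWS, EXPECTED))
```

An empty result for an expected account and region does not prove that nothing runs there; the aggregator only sees accounts and regions where AWS Config is recording.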

A sample snapshot of the resource's dashboard in AWS Config is shown below.

For more information on AWS Config, please visit the below URL.

https://docs.aws.amazon.com/config/latest/developerguide/how-does-config-work.html

Resources

Total resource count: 131

Top 10 resource types (Total):
IAM Policy: 45
IAM Role: 40
EC2 Subnet: 7
EC2 SecurityGroup: 6
EC2 RouteTable: 6
EC2 VPC: 4
EC2 NetworkAcl: 4

Option A: Create a PowerShell script using the AWS CLI. Query all resources with the tag of production.

This option suggests using a PowerShell script to query all the resources that are tagged with the 'production' tag. While this may be an easy way to obtain information on the resources used by the company, it may not be comprehensive enough, as not all resources may be tagged with the 'production' tag. Additionally, it may be time-consuming to write the script and maintain it, especially as new resources are added or old ones are removed.

Option B: Create a bash shell script with the AWS CLI. Query all resources in all regions. Store the results in an S3 bucket.

This option suggests using a bash shell script to query all resources in all regions and then store the results in an S3 bucket. This option is more comprehensive than option A, as it will capture all resources in all regions, including those that may not be tagged with the 'production' tag. However, it may still be time-consuming to write the script and maintain it, especially as new resources are added or old ones are removed.

Option C: Use CloudTrail to get the list of all resources.

This option suggests using CloudTrail to obtain a list of all resources used by the company. CloudTrail provides a detailed record of all API calls made to AWS resources, including the creation, modification, and deletion of resources. By analyzing the CloudTrail logs, one can obtain a comprehensive list of all resources used by the company. This option may require more effort to analyze the logs, but it provides a more accurate and comprehensive picture of the resources used.

Option D: Use AWS Config to get the list of all resources.

This option suggests using AWS Config to obtain a list of all resources used by the company. AWS Config provides a detailed inventory of all resources in an account, including their current configuration and history of configuration changes. By analyzing the AWS Config data, one can obtain a comprehensive list of all resources used by the company. This option may require more effort to analyze the data, but it provides a more accurate and comprehensive picture of the resources used.

Overall, options C and D are better options as they provide a more comprehensive and accurate picture of the resources used by the company. However, they may require more effort to analyze the logs or data. Options A and B may be easier to implement, but they may not capture all resources.