You want to monitor any changes to the network configuration of the VPCs and subnets in AWS.
Which of the services below can help accomplish this?
Choose 3 answers from the options given below.
A. B. C. D.
Answer - A, B and C.
The AWS documentation mentions the following.
AWS CloudTrail provides a history of AWS API calls for an account, including API calls made via the AWS Management Console, AWS SDKs, command line tools, and higher-level AWS services (such as AWS CloudFormation).
This AWS API call history enables security analysis, resource change tracking, and compliance auditing.
Customers can also deliver CloudTrail data to CloudWatch Logs to store, monitor, and process API calls for network-specific changes and to send appropriate notifications.
AWS Config creates an AWS network resource inventory, including configuration history and configuration change notification.
For more information on network monitoring in AWS, please refer to the link below:
https://aws.amazon.com/answers/networking/vpc-network-management-and-monitoring/

The following services can help monitor any changes to the network configuration of the VPCs and subnets in AWS:
AWS CloudTrail: This service records API calls made by users or resources in your account, including changes made to your network configuration. CloudTrail logs can be used to monitor who made changes, what changes were made, and when they were made. You can also use CloudTrail to track security-related events and troubleshoot operational issues.
AWS Config: This service is a fully managed resource inventory and configuration management service that provides you with a detailed inventory of your resources and their current configuration. AWS Config continuously monitors and records changes to the configuration of your resources, including VPCs and subnets. You can use AWS Config to audit and assess compliance of your resources, track changes over time, and troubleshoot operational issues.
AWS CloudWatch Logs: This service enables you to monitor, store, and access your log files from AWS resources, including VPCs and subnets. CloudWatch Logs can be used to monitor changes to your network configuration by collecting logs from VPC Flow Logs. VPC Flow Logs capture information about the IP traffic going to and from network interfaces in your VPC, including changes to security group rules and network ACLs.
AWS Direct Connect: This service provides a dedicated network connection from your on-premises data center to AWS. It does not directly help in monitoring changes to the network configuration of VPCs and subnets, but can be used to enhance security and performance by bypassing the public internet.
In conclusion, the services that can help monitor changes to the network configuration of the VPCs and subnets in AWS are AWS CloudTrail, AWS Config, and AWS CloudWatch Logs.
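The CloudTrail change tracking described above, as an added example that is not part of the original answer or the AWS documentation: a filter that picks network-changing EC2 API calls out of a CloudTrail log file and reports who made them, including denied attempts. The event-name set is a representative selection, and the sample records, account ID and resource IDs are constructed placeholders.

```python
import json

# Representative (not exhaustive) EC2 calls that change network configuration.
NETWORK_CHANGE_EVENTS = {
    "CreateVpc", "DeleteVpc", "ModifyVpcAttribute",
    "CreateSubnet", "DeleteSubnet", "ModifySubnetAttribute",
    "CreateRoute", "DeleteRoute", "ReplaceRoute",
    "CreateNetworkAclEntry", "DeleteNetworkAclEntry", "ReplaceNetworkAclEntry",
    "AuthorizeSecurityGroupIngress", "RevokeSecurityGroupIngress",
    "AttachInternetGateway", "DetachInternetGateway",
}

def network_changes(log_file_text):
    """Return one finding per network-changing call in a CloudTrail log file."""
    findings = []
    for rec in json.loads(log_file_text).get("Records", []):
        is_ec2 = rec.get("eventSource") == "ec2.amazonaws.com"
        if not (is_ec2 and rec.get("eventName") in NETWORK_CHANGE_EVENTS):
            continue  # other services and read-only calls (DescribeVpcs) drop out
        findings.append({
            "time": rec.get("eventTime"),
            "actor": (rec.get("userIdentity") or {}).get("arn", "unknown"),
            "action": rec["eventName"],
            "target": rec.get("requestParameters") or {},
            # Denied attempts carry errorCode; they are still worth alerting on.
            "outcome": rec.get("errorCode") or "success",
        })
    return findings

def _rec(time, source, name, user, params, error=None):
    rec = {"eventTime": time, "eventSource": source, "eventName": name,
           "userIdentity": {"arn": "arn:aws:iam::111122223333:user/" + user},
           "requestParameters": params}
    if error:
        rec["errorCode"] = error
    return rec

# Constructed sample log file (placeholder account and resource IDs).
SAMPLE = json.dumps({"Records": [
    _rec("2024-01-10T09:00:00Z", "ec2.amazonaws.com", "DescribeVpcs", "alice", None),
    _rec("2024-01-10T09:01:12Z", "ec2.amazonaws.com", "CreateSubnet", "alice",
         {"vpcId": "vpc-0example", "cidrBlock": "10.0.3.0/24"}),
    _rec("2024-01-10T09:05:40Z", "s3.amazonaws.com", "PutObject", "bob", {}),
    _rec("2024-01-10T09:07:03Z", "ec2.amazonaws.com", "DeleteVpc", "bob",
         {"vpcId": "vpc-0example"}, "Client.UnauthorizedOperation"),
]})

if __name__ == "__main__":
    print(*network_changes(SAMPLE), sep="\n")
```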