Monitor API Calls and Maintain History: AWS Services for Bulk Review
Question
There is a requirement to monitor API calls against your AWS account by different users and entities.
There needs to be a history of those calls.
The history of those calls are needed in in bulk for later review.
Which 2 services can be used in this scenario.
Answers
Explanations
Click on the arrows to vote for the correct answer
A. B. C. D.Answer - C.
You can use AWS CloudTrail to get a history of AWS API calls and related events for your account.
This history includes calls made with the AWS Management Console, AWS Command Line Interface, AWS SDKs, and other AWS services.
For more information on Cloudtrail, please visit the below URL:
http://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-user-guide.htmlAmazon CloudWatch Events delivers a near real-time stream of system events that describe changes in Amazon Web Services (AWS) resources.
Using simple rules that you can quickly set up, you can match events and route them to one or more target functions or streams.
CloudWatch Events becomes aware of operational changes as they occur.
CloudWatch Events responds to these operational changes and takes corrective action as necessary, by sending messages to respond to the environment, activating functions, making changes, and capturing state information.
For more information on Cloudwatch events, please visit the below URL:
http://docs.aws.amazon.com/AmazonCloudWatch/latest/events/WhatIsCloudWatchEvents.htmlThe two services that can be used in this scenario are AWS CloudTrail and AWS Config.
AWS CloudTrail provides a history of AWS API calls made on an AWS account. It records and stores information about events such as who made the call, when it was made, and which service was accessed. This information is stored in an S3 bucket and can be used for auditing and compliance purposes. AWS CloudTrail also allows users to set up alerts and triggers for specific events.
AWS Config provides a detailed inventory of AWS resources and their configuration changes over time. It can be used to monitor changes in resource configurations and to automate compliance checks. AWS Config also allows users to set up rules to monitor resource changes and to remediate non-compliant resources.
In this scenario, both services are needed because CloudTrail provides a history of API calls made by users and entities, and Config provides a history of changes to resources. By using both services, it is possible to track changes made to the AWS environment by different users and entities and to ensure compliance with security policies.
Option A, AWS Config and AWS Inspector, is incorrect because AWS Inspector is a service that helps users to assess the security and compliance of applications deployed on AWS. It does not provide a history of API calls.
Option C, AWS CloudTrail and CloudWatch Events, is incorrect because CloudWatch Events is a service that allows users to monitor and respond to events in near-real time. While it can be used with CloudTrail, it does not provide a history of API calls.
Option D, AWS Config and AWS Lambda, is incorrect because AWS Lambda is a service that allows users to run code in response to events in AWS services. It does not provide a history of API calls.
