AWS Certified Cloud Practitioner Exam: Finding Information on Terminated EC2 Instances

Question

A company needs to know which user was responsible for terminating several critical Amazon Elastic Compute Cloud (EC2) Instances.

Where can the customer find this information?

Answer - D.

Using CloudTrail, one can monitor all the API activity conducted on all AWS services.

The AWS Documentation additionally mentions the following.

AWS CloudTrail is a service that enables governance, compliance, operational auditing, and risk auditing of your AWS account.

With CloudTrail, you can log, continuously monitor, and retain account activity related to actions across your AWS infrastructure.

CloudTrail provides event history of your AWS account activity, including actions taken through the AWS Management Console, AWS SDKs, command line tools, and other AWS services.

This event history simplifies security analysis, resource change tracking, and troubleshooting.

For more information on AWS CloudTrail, refer to the following URL:

https://aws.amazon.com/cloudtrail/

Answers A, B and C are incorrect.

CloudTrail is the most appropriate place to monitor activity in AWS.

The correct answer is D, AWS CloudTrail logs.

AWS CloudTrail is a service that records all API calls made in your AWS account by any user, including console sign-in events, AWS Management Console actions, and AWS service API calls. CloudTrail enables you to identify which user or resource made a particular API call, when they made it, and from which IP address or source.

In this scenario, the company needs to know which user terminated the EC2 instances. This information is available in the AWS CloudTrail logs. By searching the logs, the company can filter for the event name "TerminateInstances" and find out which user initiated the action. The CloudTrail logs provide a complete audit trail of all activity within an AWS account, making it an essential tool for security, compliance, and troubleshooting.
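The search described above, as an added example that is not part of the original page: a Python function that reads a CloudTrail log file and reports who terminated which instances, skipping denied calls. The field names follow the CloudTrail record format; the sample records, user names, account ID, instance IDs and IP addresses are constructed for illustration.

```python
import json

# Constructed sample in the CloudTrail log-file layout ({"Records": [...]}), trimmed
# to the fields used below. Names, account ID, instance IDs and IPs are made up.
SAMPLE_LOG = json.dumps({"Records": [
    {"eventTime": "2024-01-10T09:15:02Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "TerminateInstances", "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"type": "IAMUser", "userName": "alice"},
     "requestParameters": {"instancesSet": {"items": [
         {"instanceId": "i-0aaa1111bbbb2222c"}, {"instanceId": "i-0ddd3333eeee4444f"}]}}},
    {"eventTime": "2024-01-10T09:20:40Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "TerminateInstances", "sourceIPAddress": "203.0.113.20",
     "userIdentity": {"type": "AssumedRole",
                      "arn": "arn:aws:sts::111122223333:assumed-role/OpsRole/bob-session",
                      "sessionContext": {"sessionIssuer": {"userName": "OpsRole"}}},
     "requestParameters": {"instancesSet": {"items": [{"instanceId": "i-0fff5555aaaa6666b"}]}}},
    {"eventTime": "2024-01-10T09:25:11Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "TerminateInstances", "sourceIPAddress": "198.51.100.9",
     "errorCode": "Client.UnauthorizedOperation",
     "userIdentity": {"type": "IAMUser", "userName": "carol"},
     "requestParameters": {"instancesSet": {"items": [{"instanceId": "i-0aaa1111bbbb2222c"}]}}},
    {"eventTime": "2024-01-10T09:30:00Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "StopInstances", "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"type": "IAMUser", "userName": "alice"}},
]})


def who_terminated(log_text):
    """Return one row per successful EC2 TerminateInstances call in a log file."""
    rows = []
    for rec in json.loads(log_text).get("Records", []):
        if (rec.get("eventSource") != "ec2.amazonaws.com"
                or rec.get("eventName") != "TerminateInstances"):
            continue
        if "errorCode" in rec:  # denied or failed call: nothing was terminated
            continue
        ident = rec.get("userIdentity", {})
        # Role sessions carry no userName: fall back to the session ARN and role name.
        issuer = ident.get("sessionContext", {}).get("sessionIssuer", {})
        items = (rec.get("requestParameters") or {}).get("instancesSet", {}).get("items", [])
        rows.append({"time": rec.get("eventTime"), "source_ip": rec.get("sourceIPAddress"),
                     "identity_type": ident.get("type"), "role": issuer.get("userName"),
                     "actor": ident.get("userName") or ident.get("arn"),
                     "instances": [i["instanceId"] for i in items]})
    return rows


if __name__ == "__main__":
    print(json.dumps(who_terminated(SAMPLE_LOG), indent=2))
```

The `errorCode` check matters when attributing responsibility: a denied request still appears in the log under the caller's name even though no instance was terminated.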

The other options listed are not relevant to this scenario:

  • AWS Trusted Advisor provides recommendations to optimize your AWS infrastructure, but it does not track user activity or API calls.
  • The Amazon EC2 instance usage report provides information on usage and costs of EC2 instances, but it does not track user activity or API calls.
  • Amazon CloudWatch is a monitoring service for AWS resources, but it does not track user activity or API calls.