A company needs to know which user was responsible for terminating several critical Amazon Elastic Compute Cloud (EC2) Instances.
Where can the customer find this information?
Click on the arrows to vote for the correct answer
A. B. C. D.Answer - D.
Using CloudTrail, one can monitor all the API activity conducted on all AWS services.
The AWS Documentation additionally mentions the following.
AWS CloudTrail is a service that enables governance, compliance, operational auditing, and risk auditing of your AWS account.
With CloudTrail, you can log, continuously monitor, and retain account activity related to actions across your AWS infrastructure.
CloudTrail provides event history of your AWS account activity, including actions taken through the AWS Management Console, AWS SDKs, command line tools, and other AWS services.
This event history simplifies security analysis, resource change tracking, and troubleshooting.
For more information on AWS Cloudtrail, please refer to the below URL:
https://aws.amazon.com/cloudtrail/Answers A, B and C are incorrect.
Cloudtrail is the most appropriate place to monitor activity in AWS.
The correct answer is D, AWS CloudTrail logs.
AWS CloudTrail is a service that records all API calls made in your AWS account by any user, including console sign-in events, AWS Management Console actions, and AWS service API calls. CloudTrail enables you to identify which user or resource made a particular API call, when they made it, and from which IP address or source.
In this scenario, the company needs to know which user terminated the EC2 instances. This information is available in the AWS CloudTrail logs. By searching the logs, the company can filter for the event type "TerminateInstances" and find out which user initiated the action. The CloudTrail logs provide a complete audit trail of all activity within an AWS account, making it an essential tool for security, compliance, and troubleshooting.
The other options listed are not relevant to this scenario: