AWS RDS Database Master Password Change Notification

How to Get Notified about Master Password Changes in Amazon RDS

Question

A database specialist working with an Amazon RDS database would like to be notified if the master password is changed.

What service provides the optimal solution for this requirement?

Answers

A. AWS CloudTrail

B. AWS CloudWatch

C. AWS Config

D. Amazon RDS Event Notification

Explanations

Answer: D.

Option A is incorrect because AWS CloudTrail is a log of AWS service API activity, not of RDS database logs.

Option B is incorrect because AWS CloudWatch is a service for monitoring and collecting RDS metrics (e.g., CPU, RAM, and network consumption).

It is possible to configure RDS to send logs to CloudWatch logs.

However, configuring notifications based on those logs would require additional manual configuration steps such as setting up filters, alarms, SNS topics and subscriptions.

This is not the optimal solution.

Option C is incorrect because AWS Config is a service for tracking and monitoring configuration changes of AWS resources at the resource/service management plane.

Option D is CORRECT because Amazon RDS Event Notification is a native capability of RDS that can be enabled and provides notifications for various categories of database events.

Specifically, a configuration change event with ID RDS-EVENT-0016 is created when the master password of an RDS instance is reset.

Reference:

https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/USER_Events.html
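A subscription to the configuration change category delivers other events besides password resets, so the subscriber normally filters on the event ID. The following is an added example, not code from the original page or from AWS: a Lambda handler on the subscription's SNS topic that keeps only RDS-EVENT-0016. The message field names ("Event ID", "Source ID", "Event Time", "Event Message"), the function names and the sample messages are assumptions constructed for illustration.

```python
import json

PASSWORD_RESET_EVENT = "RDS-EVENT-0016"  # ID given on this page for a master password reset


def extract_event_id(message: dict) -> str:
    # Assumption: "Event ID" holds a documentation URL ending in "#<event id>".
    return str(message.get("Event ID", "")).rsplit("#", 1)[-1].strip()


def password_reset_alerts(sns_event: dict) -> list:
    """Return one alert per SNS record that reports a master password reset."""
    alerts = []
    for record in sns_event.get("Records", []):
        body = record.get("Sns", {}).get("Message", "")
        try:
            message = json.loads(body)
        except (TypeError, ValueError):
            continue  # not a JSON notification, ignore it
        if not isinstance(message, dict):
            continue
        if extract_event_id(message) != PASSWORD_RESET_EVENT:
            continue  # some other RDS event delivered to the same topic
        alerts.append({
            "db_instance": message.get("Source ID"),
            "time": message.get("Event Time"),
            "detail": message.get("Event Message"),
        })
    return alerts


def lambda_handler(event, context):
    alerts = password_reset_alerts(event)
    for alert in alerts:
        print(json.dumps(alert))  # ends up in the function's log for the responder
    return {"password_resets": len(alerts)}


def _record(message) -> dict:
    return {"Sns": {"Message": message}}  # shape of one SNS record passed to Lambda


# Constructed sample input: one password reset, one unrelated event, one non-JSON message.
SAMPLE_EVENT = {"Records": [
    _record(json.dumps({"Event Source": "db-instance", "Source ID": "example-db",
                        "Event Time": "2024-01-01 00:00:00.000",
                        "Event ID": "https://example.invalid/USER_Events.html#RDS-EVENT-0016",
                        "Event Message": "constructed: master credentials reset"})),
    _record(json.dumps({"Event Source": "db-instance", "Source ID": "example-db",
                        "Event ID": "https://example.invalid/USER_Events.html#RDS-EVENT-XXXX",
                        "Event Message": "constructed: unrelated event"})),
    _record("plain-text message"),
]}
```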

The correct answer is D. Amazon RDS Event Notification.

Explanation:

Amazon RDS Event Notification allows you to receive notifications for Amazon RDS events such as changes to the master password. Amazon RDS provides an event notification subscription feature for DB instances, DB clusters, and DB parameter groups. You can use this feature to receive email or SMS notifications for specific Amazon RDS events that occur in your DB instances, DB clusters, or DB parameter groups.

AWS CloudTrail is a service that provides a record of actions taken by a user, role, or an AWS service in Amazon RDS. CloudTrail captures API calls made by Amazon RDS in the CloudTrail log. While CloudTrail can be used to identify changes made to the RDS instance or RDS clusters, it doesn't provide a direct way to notify about changes to the master password.

AWS CloudWatch is a monitoring service for AWS resources and applications that provides data and insights into your applications and systems. While CloudWatch can be used to monitor the performance and metrics of RDS instances and clusters, it doesn't provide a direct way to notify about changes to the master password.

AWS Config is a service that enables you to assess, audit, and evaluate the configurations of your AWS resources. It provides a detailed view of the configuration of AWS resources and their relationships to one another. While AWS Config can help you identify changes made to RDS instances or clusters, it doesn't provide a direct way to notify about changes to the master password.

In conclusion, Amazon RDS Event Notification provides the optimal solution for the requirement of being notified when the master password is changed in an Amazon RDS database.