Your company has a set of EC2 resources hosted on AWS.
Your new IT procedures state that AWS EC2 Instances must be of a particular instance type.
Which of the following can be used to get the list of EC2 Instances which currently don't match the instance type specified in the new IT procedures?
A. B. C. D.
Answer - B.
In AWS Config, you can create a rule which can be used to check if EC2 Instances follow a particular instance type.
Below is a snapshot of the output of a rule to check if EC2 instances match the type of t2.micro.
For more information on AWS Config, please visit the below URL:
https://aws.amazon.com/config/
The correct answer to this question is B. Use AWS Config to create a rule to check the EC2 Instance type.
Explanation: AWS Config is a fully managed service that provides a detailed view of the configuration of AWS resources. AWS Config allows users to create rules that can be used to audit the compliance of AWS resources. The rules in AWS Config are based on AWS managed rules, custom rules, and AWS Lambda-based custom rules. Using AWS Config, users can check whether the configuration of an AWS resource complies with a rule, and receive notifications when a resource changes its configuration state.
In this scenario, the new IT procedures state that EC2 instances must be of a particular instance type. AWS Config can be used to create a custom rule that checks whether an EC2 instance is of the intended instance type. If an EC2 instance is not of the intended instance type, AWS Config can generate a noncompliant resource notification, which can be used to inform the IT team about the noncompliant resource.
Option A, using AWS CloudWatch alarms, is not a suitable solution because CloudWatch alarms are used to monitor metrics and trigger alerts when the metric breaches the threshold. CloudWatch alarms cannot be used to check the instance type of EC2 instances.
Option C, using Trusted Advisor, is not a suitable solution because Trusted Advisor provides recommendations to improve the security, reliability, and cost optimization of AWS resources. Trusted Advisor does not have a rule that checks the instance type of EC2 instances.
Option D, using VPC Flow Logs, is not a suitable solution because VPC Flow Logs provide detailed information about the traffic to and from the network interfaces in an EC2 instance. VPC Flow Logs do not provide information about the instance type of an EC2 instance.
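The custom-rule approach described in the explanation can be sketched as a Lambda-backed AWS Config rule. This is an added example, not code from the original page or from AWS; the rule parameter name `instanceType`, the `sample_event` helper and all IDs and timestamps are assumptions constructed for illustration.

```python
import json

APPLICABLE_TYPE = "AWS::EC2::Instance"
DELETED = ("ResourceDeleted", "ResourceDeletedNotRecorded")

def evaluate(event):
    """Build one AWS Config evaluation from a configuration-change event."""
    item = json.loads(event["invokingEvent"])["configurationItem"]
    params = json.loads(event.get("ruleParameters") or "{}")
    # Assumed rule parameter: comma-separated list of approved instance types.
    allowed = {t.strip() for t in params.get("instanceType", "").split(",") if t.strip()}

    # Deleted or out-of-scope resources must not linger as noncompliant.
    if (item["resourceType"] != APPLICABLE_TYPE
            or event.get("eventLeftScope")
            or item["configurationItemStatus"] in DELETED):
        compliance = "NOT_APPLICABLE"
    elif item["configuration"]["instanceType"] in allowed:
        compliance = "COMPLIANT"
    else:
        compliance = "NON_COMPLIANT"

    return {
        "ComplianceResourceType": item["resourceType"],
        "ComplianceResourceId": item["resourceId"],
        "ComplianceType": compliance,
        "OrderingTimestamp": item["configurationItemCaptureTime"],
    }

def lambda_handler(event, context):
    import boto3  # imported here so evaluate() can be exercised offline
    boto3.client("config").put_evaluations(
        Evaluations=[evaluate(event)], ResultToken=event["resultToken"])

def sample_event(instance_type, status="OK"):
    """Constructed event, trimmed to the fields evaluate() reads."""
    item = {
        "resourceType": APPLICABLE_TYPE,
        "resourceId": "i-0123456789abcdef0",  # constructed ID
        "configurationItemStatus": status,
        "configurationItemCaptureTime": "2024-01-01T00:00:00.000Z",
        "configuration": {"instanceType": instance_type},
    }
    return {
        "invokingEvent": json.dumps({"configurationItem": item}),
        "ruleParameters": json.dumps({"instanceType": "t2.micro"}),
        "resultToken": "constructed-token",
        "eventLeftScope": False,
    }
```

If the rule parameter is left empty, every running instance evaluates as NON_COMPLIANT, so the approved list should be reviewed whenever the IT procedure changes.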