AWS ECS Service: Troubleshooting Parameter Deletion | DOP-C01 Exam Answer

AWS ECS Service Parameter Deletion


Question

A web application is deployed in AWS ECS service.

Since last week, new ECS tasks cannot be started.

After further troubleshooting, you found that an environment variable used by the Docker containers has been deleted in AWS Systems Manager Parameter Store.

As a result, the ECS tasks failed to launch.

You need to quickly find out when and how the parameter in Parameter Store was deleted.

Which option would you choose?

Answers

Explanations


Correct Answer: B.

Option A is incorrect because the parameter was already deleted, so a new AWS Config rule does not help.

A new rule can only report actions that happen in the future.

Option B is CORRECT because CloudTrail Event History records the events from the last 90 days.

You can search for the “DeleteParameter” or “DeleteParameters” events as shown below:

Option C is incorrect because this method can report future events but not the ones that already happened last week.

Option D is incorrect because in AWS Config resources, you should check the Configuration Timeline instead of the Compliance Timeline.

Reference:

https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_DeleteParameter.html, https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_DeleteParameters.html
[Screenshot: CloudTrail > Event history, filtered by Event name = DeleteParameters. One matching event is listed: event name DeleteParameters, event time December 09, 2020, ..., user name root, event source ssm.amazonaws.com.]

The correct answer for this question is B. Open Event History in AWS CloudTrail. Search for the events “DeleteParameter” and “DeleteParameters” for the last week and check the event details.

Here's a detailed explanation for each option:

A. Configure a new AWS Config rule that can check the activities of parameter deletion and report the events to an SNS subscription. This option involves creating a new AWS Config rule to monitor the activity of parameter deletion and receive notifications via SNS when such activity occurs. While this could be a useful long-term solution, it won't help us find out when and how the parameter was deleted in the past week.

B. Open Event History in AWS CloudTrail. Search for the events “DeleteParameter” and “DeleteParameters” for the last week and check the event details. This option involves using AWS CloudTrail to search for events related to the deletion of the parameter. CloudTrail is a service that records API calls made within an AWS account. We can search for specific events, such as “DeleteParameter” and “DeleteParameters”, and look at the event details to determine when and how the parameter was deleted. This option is the most appropriate and quickest way to find the root cause of the issue.

C. Create a CloudWatch Event rule for the events “DeleteParameter” and “DeleteParameters”. Trigger an email notification and check the event details in the notification. This option involves creating a CloudWatch Event rule to monitor the activity of parameter deletion and sending email notifications when such activity occurs. Similar to option A, while this could be a useful long-term solution, it won't help us find out when and how the parameter was deleted in the past week.

D. Search for the parameter in AWS Config resources. Check its Compliance Timeline to see when the parameter resource became non-compliant. This option involves checking the compliance timeline of the parameter in AWS Config to determine when it became non-compliant. However, this option doesn't provide information on how the parameter was deleted or who deleted it.

Therefore, option B is the most appropriate and quickest solution to find out when and how the parameter was deleted in the past week.
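
The Event History search in option B can also be scripted. The following is an added example, not part of the original page: it filters saved `aws cloudtrail lookup-events` output for successful `DeleteParameter` / `DeleteParameters` calls that name a given parameter and reports when, who and how. The sample events, parameter names, account ID and ARNs are constructed, and the `name` / `names` request fields are assumed from the SSM API request shapes.

```python
import json

# Input: JSON printed by the AWS CLI. Run it once per event name, because
# lookup-events accepts a single lookup attribute per request:
#   aws cloudtrail lookup-events --start-time <7 days ago> \
#     --lookup-attributes AttributeKey=EventName,AttributeValue=DeleteParameter
DELETE_EVENTS = {"DeleteParameter", "DeleteParameters"}

def deleted_names(detail):
    """Names in the request: 'name' (single call) or 'names' (batch call)."""
    req = detail.get("requestParameters") or {}
    return list(req.get("names") or []) + ([req["name"]] if req.get("name") else [])

def find_deletions(lookup_outputs, parameter_name):
    """Return when/who/how records for successful deletions of parameter_name."""
    hits = []
    for output in lookup_outputs:
        for event in output.get("Events", []):
            if event.get("EventName") not in DELETE_EVENTS:
                continue
            detail = json.loads(event["CloudTrailEvent"])  # nested JSON string
            # Skip failed calls (errorCode set): nothing was deleted.
            if detail.get("errorCode") or parameter_name not in deleted_names(detail):
                continue
            hits.append({"when": detail.get("eventTime"),
                         "who": detail.get("userIdentity", {}).get("arn"),
                         "how": detail.get("eventName"),
                         "source_ip": detail.get("sourceIPAddress"),
                         "user_agent": detail.get("userAgent")})
    return sorted(hits, key=lambda h: h["when"] or "")

def _record(name, time, arn, request, error=None):
    """Build one constructed lookup-events entry (sample data, not real logs)."""
    detail = {"eventName": name, "eventTime": time, "userIdentity": {"arn": arn},
              "sourceIPAddress": "198.51.100.7", "userAgent": "aws-cli/2.x",
              "requestParameters": request}
    if error:
        detail["errorCode"] = error
    return {"EventName": name, "CloudTrailEvent": json.dumps(detail)}

# Constructed sample; parameter names, account ID and ARNs are hypothetical.
USER, ROOT = "arn:aws:iam::111122223333:user/dev", "arn:aws:iam::111122223333:root"
SAMPLE = [
    {"Events": [_record("DeleteParameter", "2020-12-08T10:00:00Z", USER, {"name": "/app/OTHER"}),
                _record("DeleteParameter", "2020-12-09T09:00:00Z", USER, {"name": "/app/DB_URL"}, "AccessDenied")]},
    {"Events": [_record("DeleteParameters", "2020-12-09T11:30:00Z", ROOT, {"names": ["/app/DB_URL", "/app/API_KEY"]})]},
]

if __name__ == "__main__":
    print(json.dumps(find_deletions(SAMPLE, "/app/DB_URL"), indent=2))
```

The denied `DeleteParameter` attempt is skipped because it carries an `errorCode`, so only the batch `DeleteParameters` call is reported for `/app/DB_URL`.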