AWS Managed Services for Monitoring Network Component Changes

Monitoring Networking Components in AWS


Question

Your company has set up a host of networking components in AWS.

They have stringent controls in place to ensure that these networking components are only changed by designated IT personnel.

But they still need to get notified of any unwarranted changes, such as the modifications of networking components.

Which of the following AWS managed services can help in this requirement?

Answers

A. AWS VPC Flow Logs
B. AWS CloudTrail
C. AWS Trusted Advisor
D. AWS Inspector

Answer - B.

The AWS Documentation mentions the following.

AWS CloudTrail provides a history of AWS API calls for an account, including API calls made via the AWS Management Console, AWS SDKs, command-line tools, and higher-level AWS services (such as AWS CloudFormation).

This AWS API call history enables security analysis, resource change tracking, and compliance auditing.

Customers can also deliver CloudTrail data to CloudWatch Logs to store, monitor, and process API calls for network-specific changes and send appropriate notifications.

CloudTrail provides an AWS CloudFormation template to automatically create CloudWatch alarms for security- and network-related API activity.

The same mechanism can be used to monitor changes made to networking components by any user.
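As an added illustration (not code from the page or from AWS), the following shows the processing step described above: reading CloudTrail records, whether delivered to CloudWatch Logs or S3, and flagging network-changing EC2 API calls made by anyone other than the designated IT personnel. The event list, the account ID, the principal ARNs and the sample records are assumptions constructed for this example.

```python
import json

# EC2 API calls that mutate VPC networking components. This set is an assumption
# for the example; extend it to cover the components your account actually uses.
NETWORK_CHANGE_EVENTS = {
    "CreateVpc", "DeleteVpc", "ModifyVpcAttribute", "CreateSubnet", "DeleteSubnet",
    "CreateRouteTable", "DeleteRouteTable", "CreateRoute", "DeleteRoute", "ReplaceRoute",
    "CreateInternetGateway", "AttachInternetGateway", "DetachInternetGateway",
    "CreateNetworkAclEntry", "DeleteNetworkAclEntry", "ReplaceNetworkAclEntry",
    "CreateSecurityGroup", "DeleteSecurityGroup", "AuthorizeSecurityGroupIngress",
    "RevokeSecurityGroupIngress", "AuthorizeSecurityGroupEgress", "RevokeSecurityGroupEgress",
}
# Principals allowed to change networking (assumed ARN and account ID for the example).
DESIGNATED_PRINCIPALS = {"arn:aws:iam::111122223333:user/network-admin"}

def is_network_change(record):
    """True for a successful, non-read-only EC2 call that changes a networking component."""
    if record.get("eventSource") != "ec2.amazonaws.com":
        return False
    if record.get("readOnly") is True:   # Describe*/Get* calls change nothing
        return False
    if "errorCode" in record:            # denied or failed call: nothing changed (track attempts separately)
        return False
    return record.get("eventName") in NETWORK_CHANGE_EVENTS

def unwarranted_changes(records, designated=DESIGNATED_PRINCIPALS):
    """Return (eventTime, actor ARN, eventName) for network changes by non-designated principals."""
    flagged = []
    for rec in records:
        if not is_network_change(rec):
            continue
        actor = rec.get("userIdentity", {}).get("arn", "<unknown>")
        if actor not in designated:
            flagged.append((rec.get("eventTime"), actor, rec["eventName"]))
    return flagged

def scan_cloudtrail_file(text):
    """Process one CloudTrail log file body, i.e. the {"Records": [...]} wrapper CloudTrail delivers."""
    return unwarranted_changes(json.loads(text)["Records"])

def _rec(time, name, user, **extra):
    """Build a minimal constructed CloudTrail record for the sample data below (not real log output)."""
    return {"eventTime": time, "eventSource": "ec2.amazonaws.com", "eventName": name,
            "userIdentity": {"arn": f"arn:aws:iam::111122223333:user/{user}"}, "readOnly": False, **extra}

SAMPLE_LOG = json.dumps({"Records": [
    _rec("2024-01-01T10:00:00Z", "AuthorizeSecurityGroupIngress", "dev-alice"),                 # flagged
    _rec("2024-01-01T10:01:00Z", "DescribeSecurityGroups", "dev-alice", readOnly=True),        # read-only
    _rec("2024-01-01T10:02:00Z", "CreateRoute", "network-admin"),                              # designated
    _rec("2024-01-01T10:03:00Z", "DeleteSubnet", "dev-bob", errorCode="Client.UnauthorizedOperation"),  # failed
]})
```

In a deployment this logic would run in a Lambda function subscribed to the CloudTrail log group, or be expressed as a CloudWatch Logs metric filter feeding an alarm that publishes to SNS.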

Option A is incorrect since VPC Flow Logs can only be used to monitor traffic to and from the VPC, not configuration changes. Option C is incorrect since Trusted Advisor cannot be used to monitor changes to network resources.

Option D is incorrect since this can only be used to perform vulnerability scan analysis on EC2 Instances.

For more information on networking management and monitoring, please refer to the following URL.

https://aws.amazon.com/answers/networking/vpc-network-management-and-monitoring/

The AWS managed service that can help in the requirement of getting notified of any unwarranted changes made to networking components is AWS CloudTrail (Option B).

AWS CloudTrail is a service that enables governance, compliance, operational auditing, and risk auditing of AWS accounts. It records API calls made in an AWS account and delivers log files that contain information about those API calls. These log files can be used to perform security analysis, resource change tracking, and troubleshooting.

In this scenario, AWS CloudTrail can be used to track changes made to networking components in the company's AWS account. Whenever a change is made, CloudTrail logs the event, and notifications are sent to designated IT personnel via Amazon SNS or AWS Lambda. By monitoring these notifications, the IT personnel can quickly detect any unauthorized changes to the networking components and take corrective action.

AWS VPC Flow Logs (Option A) is a feature that enables the capture of information about IP traffic going to and from network interfaces in a VPC. It can help in troubleshooting connectivity issues, monitoring traffic, and performing security analysis. However, it does not track changes made to networking components.

AWS Trusted Advisor (Option C) is a service that provides recommendations to optimize AWS infrastructure based on AWS best practices. It does not track changes made to networking components.

AWS Inspector (Option D) is a security assessment service that helps in identifying security vulnerabilities and deviations from security best practices. It does not track changes made to networking components.

In summary, the AWS managed service that can help in getting notified of any unwarranted changes made to networking components is AWS CloudTrail.