Best Service for Tracking and Inventorying Configuration Changes on AWS Resources
Question
An administrator is running a large deployment of AWS resources that are spread across several AWS Regions.
They would like to keep track of configuration changes on all the resources and maintain a configuration inventory.
What is the best service they can use?
Answers
Explanations
Click on the arrows to vote for the correct answer
A. B. C. D.Correct Answer - D.
AWS Config will meet the scenario requirements.
The service allows the administrator to monitor and record configuration changes on AWS resources in their account.
The service also allows the administrator to create a resource configuration inventory.
https://aws.amazon.com/config/Option A is incorrect because AWS CloudFormation will allow the administrator to create templates of resources such as EC2 instances and RDS instances but not the actual configurations in these resources.
Option B is incorrect because Templates and Stacks form the basis of AWS CloudFormation.
They aid in the automated deployment of whole environments but not the applications that run in them.
Option C is incorrect because AWS Backup is a fully managed service that allows the administrator to back up data in the cloud and on-premises.
The service is not the most appropriate to monitor and record resource configuration changes.
The best service for an administrator to keep track of configuration changes on all resources and maintain a configuration inventory in a large deployment of AWS resources spread across several AWS regions is AWS Config (option D).
AWS Config is a fully managed service that provides a detailed inventory of AWS resources and their current configuration. It continuously records and evaluates changes to AWS resource configurations and provides visibility into resource relationships, enabling administrators to track changes and monitor compliance.
AWS Config enables the creation of rules to ensure compliance with internal policies, industry regulations, and best practices, which can help prevent security and compliance issues. With AWS Config, administrators can set up notifications, view detailed resource configuration history, and troubleshoot configuration issues, all within a centralized dashboard.
Option A, AWS CloudFormation, is a service that allows administrators to automate the deployment and management of AWS resources. While it can be used to create and manage templates for infrastructure as code, it does not provide the configuration inventory or change tracking capabilities that AWS Config does.
Option B, Stacks and Templates, is not a service but rather a feature of AWS CloudFormation. Stacks refer to a collection of AWS resources that are created and managed together as a single unit. Templates refer to the JSON or YAML files used to define the infrastructure as code.
Option C, AWS Backup, is a service that provides centralized backup and recovery of AWS resources. While it can be used to backup and restore resources, it does not provide the configuration inventory or change tracking capabilities that AWS Config does.
