AWS Configuration Change Tracking: Identify Operational Issues Efficiently

Retrieving Configuration Changes in AWS Resources

Question

Which of the following AWS services can be used to retrieve configuration changes made to AWS resources causing operational issues?

Answers

Explanations

Click on the arrows to vote for the correct answer

A. B. C. D.

Correct Answer - D.

AWS Config can be used to audit, evaluate configurations of AWS resources.

If there are any operational issues, AWS config can be used to retrieve configurational changes made to AWS resources that may have caused these issues.

Option A is incorrect as Amazon Inspector can be used to analyze potential security threats for an Amazon EC2 instance against an assessment template with predefined rules.

It does not provide historical data for configurational changes done to AWS resources.

Option B is incorrect as AWS CloudFormation provided templates to provision and configure resources in AWS.

Option C is incorrect as AWS Trusted Advisor can help optimize resources with AWS cloud with respect to cost, security, performance, fault tolerance, and service limits.

It does not provide historical data for configurational changes done to AWS resources.

For more information on AWS Config, refer to the following URL:

https://docs.aws.amazon.com/config/latest/developerguide/WhatIsConfig.html

The correct answer is D. AWS Config.

AWS Config is a service that enables you to assess, audit, and evaluate the configurations of your AWS resources continuously. It provides a detailed view of the resources in your account and captures the configuration changes made to them.

With AWS Config, you can use AWS Config rules to evaluate the configuration changes against a set of predefined or custom rules, and get notified through Amazon SNS when a resource violates any of the rules. Additionally, AWS Config provides you with an audit trail of the changes made to your resources and can help you to troubleshoot operational issues.

The other options are incorrect:

A. Amazon Inspector is a security assessment service that helps you to improve the security and compliance of your applications by automatically assessing the vulnerabilities in your EC2 instances and applications.

B. AWS CloudFormation is a service that allows you to create and manage a collection of related AWS resources, including EC2 instances, S3 buckets, and Lambda functions, in a predictable and repeatable way. CloudFormation helps you to automate the provisioning and configuration of your AWS infrastructure.

C. AWS Trusted Advisor is an online tool that provides you with real-time guidance to help you optimize your AWS resources, increase security and performance, and reduce your overall costs. It provides you with recommendations based on your usage and best practices for the AWS services you are using.

Therefore, D. AWS Config is the correct answer to this question.