AWS Configuration Change Tracking Services

Retrieving Configuration Changes in AWS

Question

Which of the following AWS services can be used to retrieve configuration changes made to AWS resources causing operational issues?

Answers

Explanations

Click on the arrows to vote for the correct answer

A. B. C. D.

Correct Answer - D.

AWS Config can be used to audit, evaluate configurations of AWS resources.

If there are any operational issues, AWS config can be used to retrieve configurational changes made to AWS resources that may have caused these issues.

Option A is incorrect as Amazon Inspector can be used to analyze potential security threats for an Amazon EC2 instance against an assessment template with predefined rules.

It does not provide historical data for configurational changes done to AWS resources.

Option B is incorrect as AWS CloudFormation provided templates to provision and configure resources in AWS.

Option C is incorrect as AWS Trusted Advisor can help optimize resources with AWS cloud with respect to cost, security, performance, fault tolerance, and service limits.

It does not provide historical data for configurational changes done to AWS resources.

For more information on AWS Config, refer to the following URL:

https://docs.aws.amazon.com/config/latest/developerguide/WhatIsConfig.html

The AWS service that can be used to retrieve configuration changes made to AWS resources causing operational issues is AWS Config (Option D).

AWS Config is a fully managed service that provides you with an inventory of your AWS resources, the history of configurations and changes, and configuration compliance against rules specified by you. It continuously tracks and records changes made to AWS resources and configuration item details, which can be accessed through the AWS Config console or API.

In the case of operational issues, AWS Config can be used to retrieve configuration changes made to AWS resources that could have caused the issue. You can view the configuration history for a particular resource, and identify any changes that were made leading up to the issue.

Option A, Amazon Inspector, is a security assessment service that helps in identifying vulnerabilities and deviations from best practices in applications running on AWS. It does not provide configuration change tracking.

Option B, AWS CloudFormation, is a service that helps in creating and managing AWS resources through templates. It does not provide configuration change tracking.

Option C, AWS Trusted Advisor, provides real-time guidance to help you optimize your resources for performance, security, and cost. It does not provide configuration change tracking.

Therefore, the correct answer is Option D, AWS Config.