Answer-first summary for fast verification
Answer: AWS Config
**Explanation:** AWS Config is the correct service for tracking, recording, and auditing configuration changes to AWS resources. Here's why: **Key Features of AWS Config:** - **Configuration History**: Maintains a detailed history of configuration changes for AWS resources - **Compliance Monitoring**: Continuously monitors and records resource configurations - **Change Tracking**: Provides visibility into how resources are configured and how they change over time - **Audit Trail**: Creates an audit trail of configuration changes for security and compliance purposes **Why other options are incorrect:** - **AWS Shield**: This is a managed DDoS protection service, not for configuration tracking - **AWS IAM**: Identity and Access Management service for controlling access to AWS resources, not for configuration change tracking - **Amazon Inspector**: Automated security assessment service that checks for security vulnerabilities, not for configuration change auditing **Use Cases for AWS Config:** 1. **Security Compliance**: Ensure resources comply with security policies 2. **Change Management**: Track who made changes and when 3. **Troubleshooting**: Identify configuration changes that may have caused issues 4. **Audit Requirements**: Meet regulatory and compliance audit requirements AWS Config helps organizations maintain visibility and control over their AWS resource configurations, making it essential for governance and compliance.
Author: Ritesh Yadav
Ultimate access to all questions.
No comments yet.