Discover how AWS CloudTrail helps identify the user responsible for deleting an Amazon EC2 instance. Learn why CloudTrail is the best choice for tracking and auditing AWS account activities.
Question
Which AWS service will help a company identify the user who deleted an Amazon EC2 instance yesterday?
A. Amazon CloudWatch
B. AWS Trusted Advisor
C. AWS CloudTrail
D. Amazon Inspector
Answer
C. AWS CloudTrail
Explanation
AWS CloudTrail is a service that lets you track user activity and API usage across your AWS account, which is essential for identifying specific actions such as the deletion of an EC2 instance.
AWS CloudTrail is the ideal service to identify who deleted an Amazon EC2 instance. It records all API calls made in your AWS account, including actions taken through the AWS Management Console, SDKs, CLI, and other services. These logs provide detailed information about:
- Who performed the action (user identity or role).
- What action was taken (e.g., TerminateInstances for EC2 deletion).
- When the action occurred.
- Where it was initiated from (e.g., IP address).
For this specific scenario, you can use CloudTrail’s Event History to filter events by service (Amazon EC2) and action (TerminateInstances). This will reveal the user or role responsible for deleting the instance, along with other details such as timestamps and request parameters.
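As an added example (not part of the original page), the same filter applied offline in Python to CloudTrail records in the JSON layout of a trail's log file. The sample records, account ID, names and IP addresses are constructed, and who_terminated is a hypothetical helper; it also separates successful calls from denied attempts, which carry an errorCode field.

```python
import json

# Constructed sample in the {"Records": [...]} layout of a CloudTrail log file.
# Account ID, user names, IP addresses and instance IDs are made up.
SAMPLE_LOG = json.dumps({"Records": [
    {"eventTime": "2024-05-01T09:14:07Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "TerminateInstances", "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"type": "IAMUser", "userName": "alice",
                      "arn": "arn:aws:iam::111122223333:user/alice"},
     "requestParameters": {"instancesSet": {"items": [{"instanceId": "i-0aaa1111bbbb2222c"}]}}},
    {"eventTime": "2024-05-01T10:02:41Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "TerminateInstances", "sourceIPAddress": "203.0.113.20",
     "errorCode": "Client.UnauthorizedOperation",
     "userIdentity": {"type": "IAMUser", "userName": "bob",
                      "arn": "arn:aws:iam::111122223333:user/bob"},
     "requestParameters": {"instancesSet": {"items": [{"instanceId": "i-0ccc3333dddd4444e"}]}}},
    {"eventTime": "2024-05-01T11:30:00Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "TerminateInstances", "sourceIPAddress": "192.0.2.55",
     "userIdentity": {"type": "AssumedRole",
                      "arn": "arn:aws:sts::111122223333:assumed-role/OpsRole/carol-session",
                      "sessionContext": {"sessionIssuer": {"userName": "OpsRole"}}},
     "requestParameters": {"instancesSet": {"items": [{"instanceId": "i-0ccc3333dddd4444e"}]}}},
    {"eventTime": "2024-05-01T11:31:00Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "StopInstances", "sourceIPAddress": "192.0.2.55",
     "userIdentity": {"type": "IAMUser", "userName": "alice"},
     "requestParameters": {"instancesSet": {"items": [{"instanceId": "i-0eee5555ffff6666a"}]}}},
]})


def who_terminated(log_text, instance_id):
    """Return (who, when, source IP, succeeded) per TerminateInstances call on instance_id."""
    hits = []
    for rec in json.loads(log_text).get("Records", []):
        if rec.get("eventSource") != "ec2.amazonaws.com" or rec.get("eventName") != "TerminateInstances":
            continue
        # requestParameters can be null on failed calls, so guard each level.
        items = ((rec.get("requestParameters") or {}).get("instancesSet") or {}).get("items", [])
        if instance_id not in [i.get("instanceId") for i in items]:
            continue
        ident = rec.get("userIdentity", {})
        # Role sessions have no userName; the ARN carries the role and session name.
        who = ident.get("arn") or ident.get("userName") or ident.get("principalId", "unknown")
        # A record with errorCode is a denied or failed attempt, not a deletion.
        hits.append((who, rec["eventTime"], rec.get("sourceIPAddress"), "errorCode" not in rec))
    return sorted(hits, key=lambda h: h[1])


if __name__ == "__main__":
    for who, when, ip, ok in who_terminated(SAMPLE_LOG, "i-0ccc3333dddd4444e"):
        print(when, who, ip, "terminated" if ok else "attempt failed")
```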
Key Features of AWS CloudTrail
- Event History: View up to 90 days of account activity directly in the console.
- Trails: Create trails to deliver logs to an Amazon S3 bucket for long-term storage and advanced analysis.
- Insights: Detect unusual API activity patterns.
- Integration: Works seamlessly with services like Amazon Athena for querying logs.
By using CloudTrail, you can ensure compliance, enhance security, and troubleshoot operational issues effectively.
This is a practice question and answer, with a detailed explanation and reference, for the Amazon AWS Certified Cloud Practitioner CLF-C02 certification exam.