Learn the correct way to determine which IAM user or role deleted an Amazon RDS DB instance within the past 90 days using AWS CloudTrail events.
Question
A company had an Amazon RDS for MySQL DB instance that was named mysql-db. The DB instance was deleted within the past 90 days.
A developer needs to find which IAM user or role deleted the DB instance in the AWS environment.
Which solution will provide this information?
A. Retrieve the AWS CloudTrail events for the resource mysql-db where the event name is DeleteDBInstance. Inspect each event.
B. Retrieve the Amazon CloudWatch log events from the most recent log stream within the rds/mysql-db log group. Inspect the log events.
C. Retrieve the AWS X-Ray trace summaries. Filter by services with the name mysql-db. Inspect the ErrorRootCauses values within each summary.
D. Retrieve the AWS Systems Manager deletions inventory. Filter the inventory by deletions that have a TypeName value of RDS. Inspect the deletion details.
Answer
A. Retrieve the AWS CloudTrail events for the resource mysql-db where the event name is DeleteDBInstance. Inspect each event.
Explanation
AWS CloudTrail records API calls for your account and delivers log files to you, including API calls made via the AWS Management Console, AWS SDKs, command line tools, and higher-level AWS services. This makes it the ideal service to determine who took a specific action in your AWS environment, such as deleting an RDS DB instance.
To find out who deleted the mysql-db instance, you would need to look through the CloudTrail events for that specific resource name where the API call recorded was DeleteDBInstance. The CloudTrail event details will include information about which IAM user or role made the API call to delete the DB instance.
The other options are incorrect:
B. Amazon CloudWatch Logs would not contain information about who deleted the DB instance. The rds/mysql-db log group holds logs emitted by the DB engine itself (for example error, slow query, or general logs), not control plane actions such as API calls made against the instance.
C. AWS X-Ray is used for analyzing and debugging production, distributed applications, such as those built using a microservices architecture. It is not used for auditing control plane actions like deleting RDS instances.
D. AWS Systems Manager inventory does not track deletion of RDS instances. It is used to collect metadata about your instances, such as installed applications, network configurations, and more.
In summary, to find out which IAM user or role deleted an RDS DB instance within the last 90 days, search AWS CloudTrail events for DeleteDBInstance API calls related to that specific DB instance resource name. The 90-day window in the question matches the retention period of the CloudTrail Event history, which is available for management events without a trail having been configured in advance.
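The following is an added worked example (not part of the original question or AWS documentation) showing how a developer would extract the responsible principal from DeleteDBInstance events. It operates on a constructed sample shaped like the response of boto3's `cloudtrail.lookup_events()` so it runs offline; the event record fields (`eventSource`, `requestParameters.dBInstanceIdentifier`, `userIdentity.sessionContext.sessionIssuer`) follow the CloudTrail record format, and it resolves an assumed role back to its IAM role ARN rather than the STS session ARN.

```python
import json

# Constructed sample in the shape returned by boto3's cloudtrail.lookup_events():
# each entry carries the raw CloudTrail record as a JSON string in "CloudTrailEvent".
# A live query would be:
#   boto3.client("cloudtrail").lookup_events(
#       LookupAttributes=[{"AttributeKey": "EventName", "AttributeValue": "DeleteDBInstance"}])
SAMPLE_LOOKUP_RESPONSE = {
    "Events": [
        {"EventName": "DeleteDBInstance", "CloudTrailEvent": json.dumps({
            "eventTime": "2024-05-01T10:00:00Z", "eventSource": "rds.amazonaws.com",
            "eventName": "DeleteDBInstance",
            "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::123456789012:user/alice",
                             "userName": "alice"},
            "requestParameters": {"dBInstanceIdentifier": "other-db", "skipFinalSnapshot": True},
        })},
        {"EventName": "DeleteDBInstance", "CloudTrailEvent": json.dumps({
            "eventTime": "2024-05-02T14:30:00Z", "eventSource": "rds.amazonaws.com",
            "eventName": "DeleteDBInstance",
            "userIdentity": {"type": "AssumedRole",
                             "arn": "arn:aws:sts::123456789012:assumed-role/DevOpsRole/ci-session",
                             "sessionContext": {"sessionIssuer": {
                                 "type": "Role", "userName": "DevOpsRole",
                                 "arn": "arn:aws:iam::123456789012:role/DevOpsRole"}}},
            "requestParameters": {"dBInstanceIdentifier": "mysql-db", "skipFinalSnapshot": True},
        })},
    ]
}


def who_deleted_db_instance(lookup_response, db_instance_id):
    """Return one entry per DeleteDBInstance call made against db_instance_id."""
    hits = []
    for event in lookup_response.get("Events", []):
        record = json.loads(event["CloudTrailEvent"])
        # Keep only RDS control plane deletions; EventName alone is not namespaced.
        if record.get("eventSource") != "rds.amazonaws.com" \
                or record.get("eventName") != "DeleteDBInstance":
            continue
        params = record.get("requestParameters") or {}
        if params.get("dBInstanceIdentifier") != db_instance_id:
            continue
        identity = record.get("userIdentity", {})
        # For AssumedRole the IAM role is in sessionIssuer; the top-level arn is the STS session.
        issuer = identity.get("sessionContext", {}).get("sessionIssuer", {})
        hits.append({"eventTime": record.get("eventTime"),
                     "principalType": identity.get("type"),
                     "callerArn": identity.get("arn"),
                     "iamPrincipalArn": issuer.get("arn", identity.get("arn"))})
    return hits


if __name__ == "__main__":
    for hit in who_deleted_db_instance(SAMPLE_LOOKUP_RESPONSE, "mysql-db"):
        print(hit)
```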