A company requires near-real-time notifications when changes are made to Amazon RDS DB security groups. Which solution will meet this requirement with the LEAST operational overhead?
A. Configure an RDS event notification subscription for DB security group events.
B. Create an AWS Lambda function that monitors DB security group changes. Create an Amazon Simple Notification Service (Amazon SNS) topic for notification.
C. Turn on AWS CloudTrail. Configure notifications for the detection of changes to DB security groups.
D. Configure an Amazon CloudWatch alarm for RDS metrics about changes to DB security groups.
If you read the document, you will see:
"DB security groups are resources for EC2-Classic. EC2-Classic was retired on August 15, 2022. If you haven't migrated from EC2-Classic to a VPC, we recommend that you migrate as soon as possible."
LEAST operational overhead - Event notification for SG, https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_Events.Messages.html#USER_Events.Messages.security-group
The keyword is "near real-time".
It's fulfilled by CloudWatch.
RDS event notifications might take up to five minutes to be delivered. That doesn't satisfy the requirement.
The correct answer is:
C. Turn on AWS CloudTrail. Configure notifications for the detection of changes to DB security groups.
Explanation:
AWS CloudTrail captures all API calls for Amazon RDS as events, including calls from the Amazon RDS console and from code calls to the Amazon RDS APIs. If you create a trail, you can enable continuous delivery of CloudTrail events to an Amazon S3 bucket, including events for RDS. You can then use Amazon EventBridge (formerly known as CloudWatch Events) to detect and react to changes on your AWS resources like the modifications in your RDS Security Group.
Options A, B, and D are incorrect:
A. Configuring an RDS event notification subscription will not cover DB security group changes; it's more targeted towards DB instance state changes, failover, etc.
Sorry.. I've just checked.
Source type of resource this subscription will consume events from we can select Security group event configuration change.
So I will select A
mbar94 (Highly Voted), 2 years, 9 months ago
aviathor, 2 years ago
Sathish_dbs (Most Recent), 1 year, 8 months ago
Germaneli, 1 year, 8 months ago
Germaneli, 1 year, 8 months ago
Pranava_GCP, 1 year, 9 months ago
dougporto1988, 1 year, 12 months ago
dougporto1988, 1 year, 12 months ago
SonamDhingra, 2 years, 8 months ago
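An added example, not part of any comment above: the CloudTrail-plus-EventBridge approach described in the explanation for option C, shown as an event pattern for the RDS API calls that change DB security groups, with a small matcher run over constructed events. The matcher implements only the exact-match subset of EventBridge rules, and the `dBSecurityGroupName` request-parameter key, the account ID and the group name are assumptions made for the sample.

```python
# EventBridge-style pattern: CloudTrail-recorded RDS calls that change DB security groups.
PATTERN = {
    "source": ["aws.rds"],
    "detail-type": ["AWS API Call via CloudTrail"],
    "detail": {
        "eventSource": ["rds.amazonaws.com"],
        "eventName": ["CreateDBSecurityGroup", "DeleteDBSecurityGroup",
                      "AuthorizeDBSecurityGroupIngress", "RevokeDBSecurityGroupIngress"],
    },
}

def matches(pattern, event):
    """Exact-match subset of EventBridge rules: list = any of, dict = recurse."""
    for key, want in pattern.items():
        have = event.get(key)
        if isinstance(want, dict):
            if not (isinstance(have, dict) and matches(want, have)):
                return False
        elif have not in want:  # a missing key (None) never matches
            return False
    return True

def alerts(events):
    """Return one notification line per event that matches PATTERN."""
    out = []
    for ev in events:
        if matches(PATTERN, ev):
            d = ev["detail"]
            # requestParameters can be null; the key name used below is an assumption.
            params = d.get("requestParameters") or {}
            who = (d.get("userIdentity") or {}).get("arn", "unknown")
            out.append(f'{ev.get("time", "?")} {d["eventName"]} '
                       f'group={params.get("dBSecurityGroupName", "?")} by={who}')
    return out

def sample_event(name, params, when, svc="rds"):
    """Build a constructed sample event (not real CloudTrail output)."""
    return {"source": f"aws.{svc}", "detail-type": "AWS API Call via CloudTrail", "time": when,
            "detail": {"eventSource": f"{svc}.amazonaws.com", "eventName": name,
                       "requestParameters": params,
                       "userIdentity": {"arn": "arn:aws:iam::111122223333:user/example"}}}

SAMPLE = [
    sample_event("AuthorizeDBSecurityGroupIngress",
                 {"dBSecurityGroupName": "legacy-db-sg"}, "2024-01-01T10:00:00Z"),
    sample_event("ModifyDBInstance", {}, "2024-01-01T10:01:00Z"),
    sample_event("AuthorizeSecurityGroupIngress", {}, "2024-01-01T10:02:00Z", svc="ec2"),
    sample_event("DeleteDBSecurityGroup", None, "2024-01-01T10:03:00Z"),
]
```

Only the first and last sample events produce alerts; the instance modification and the EC2 (VPC) security group call are ignored because they fail the `eventName` and `source` checks respectively.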