Which solution will provide this information?
Retrieve the AWS CloudTrail events for the resource mysql-db where the event name is DeleteDBInstance. Inspect each event.
Retrieve the Amazon CloudWatch log events from the most recent log stream within the rds/mysql-db log group. Inspect the log events.
Retrieve the AWS X-Ray trace summaries. Filter by services with the name mysql-db. Inspect the ErrorRootCauses values within each summary.
Retrieve the AWS Systems Manager deletions inventory. Filter the inventory by deletions that have a TypeName value of RDS. Inspect the deletion details.
Explanations:
AWS CloudTrail logs all API calls made in the account, including the DeleteDBInstance event. By filtering for this event related to the mysql-db resource, you can identify the IAM user or role that initiated the deletion. This is the most direct method to track changes made to AWS resources.
Amazon CloudWatch Logs does not record control-plane actions taken on RDS instances, such as deletions. The log streams in an RDS log group hold the database's own performance and error logs and are not an audit trail of IAM actions. Therefore, they will not show who deleted the DB instance.
AWS X-Ray is used for monitoring and debugging applications, tracking requests through AWS services. It does not log AWS API calls related to resource deletions, so it won’t provide details about the deletion of the mysql-db instance or the IAM user or role responsible for it.
AWS Systems Manager does not maintain an inventory specifically for deletions of RDS instances. It primarily manages operational data and configuration, but it does not provide audit trails for specific API actions such as deletions. Thus, it cannot be used to identify who deleted the DB instance.
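As an added illustration of the CloudTrail explanation above (this code is not part of the original question or of any AWS tool), the script below takes CloudTrail event records, such as those returned by the CloudTrail LookupEvents API, where each entry carries the full record as a JSON string, filters them down to DeleteDBInstance calls against mysql-db, and reduces each record's userIdentity block to the IAM user or role that made the call. The account ID, principal names, IP addresses and timestamps are constructed sample values; the record layout (eventSource, eventName, userIdentity, requestParameters with the dBInstanceIdentifier key, errorCode on denied calls) follows the CloudTrail record format as the author of this example understands it. Note that denied attempts are recorded too, so the same filter doubles as a detection check for unauthorized deletion attempts.

```python
"""Identify who deleted an RDS instance from CloudTrail event records (offline example)."""
import json

DELETE_EVENT = "DeleteDBInstance"
RDS_SOURCE = "rds.amazonaws.com"

# Constructed sample records in CloudTrail's event-record format. Account number,
# principals, addresses and times are fictional and not taken from any real trail.
SAMPLE_RECORDS = [
    {   # Read-only call on the same instance: must be ignored by the filter.
        "eventTime": "2024-05-01T10:15:00Z", "eventSource": RDS_SOURCE,
        "eventName": "DescribeDBInstances", "awsRegion": "us-east-1",
        "sourceIPAddress": "203.0.113.10",
        "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::123456789012:user/alice"},
        "requestParameters": {"dBInstanceIdentifier": "mysql-db"},
    },
    {   # Denied deletion attempt: CloudTrail still records it, with an errorCode.
        "eventTime": "2024-05-01T09:50:00Z", "eventSource": RDS_SOURCE,
        "eventName": DELETE_EVENT, "awsRegion": "us-east-1",
        "sourceIPAddress": "198.51.100.7", "errorCode": "AccessDenied",
        "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::123456789012:user/carol"},
        "requestParameters": {"dBInstanceIdentifier": "mysql-db"},
    },
    {   # The successful deletion, made through an assumed role.
        "eventTime": "2024-05-01T10:20:00Z", "eventSource": RDS_SOURCE,
        "eventName": DELETE_EVENT, "awsRegion": "us-east-1",
        "sourceIPAddress": "198.51.100.7",
        "userIdentity": {
            "type": "AssumedRole",
            "arn": "arn:aws:sts::123456789012:assumed-role/DBAdminRole/bob",
            "sessionContext": {"sessionIssuer": {
                "type": "Role", "arn": "arn:aws:iam::123456789012:role/DBAdminRole"}},
        },
        "requestParameters": {"dBInstanceIdentifier": "mysql-db", "skipFinalSnapshot": True},
    },
    {   # Deletion of a different instance: must not match a query for mysql-db.
        "eventTime": "2024-05-02T08:00:00Z", "eventSource": RDS_SOURCE,
        "eventName": DELETE_EVENT, "awsRegion": "us-east-1",
        "sourceIPAddress": "203.0.113.10",
        "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::123456789012:user/alice"},
        "requestParameters": {"dBInstanceIdentifier": "other-db"},
    },
]

# Shape of a LookupEvents response: the record itself sits in the CloudTrailEvent string.
SAMPLE_LOOKUP_RESPONSE = {
    "Events": [{"EventName": r["eventName"], "CloudTrailEvent": json.dumps(r)}
               for r in SAMPLE_RECORDS]
}


def parse_lookup_events(response):
    """Unpack the full records from a LookupEvents-style response."""
    return [json.loads(e["CloudTrailEvent"]) for e in response.get("Events", [])]


def principal_of(user_identity):
    """Reduce a userIdentity block to the IAM user or role behind the call."""
    kind = user_identity.get("type")
    if kind == "AssumedRole":
        # The STS ARN names the session; the role that was assumed is in sessionIssuer.
        issuer = user_identity.get("sessionContext", {}).get("sessionIssuer", {})
        session_name = user_identity.get("arn", "").rsplit("/", 1)[-1]
        return f"role {issuer.get('arn')} (session {session_name})"
    if kind == "Root":
        return f"root user of account {user_identity.get('accountId')}"
    return f"{kind} {user_identity.get('arn')}"


def find_db_deletions(records, db_identifier):
    """Return DeleteDBInstance calls that targeted db_identifier, oldest first.

    Failed calls are included (errorCode is set) so that denied attempts are visible.
    """
    hits = []
    for rec in records:
        if rec.get("eventSource") != RDS_SOURCE or rec.get("eventName") != DELETE_EVENT:
            continue
        params = rec.get("requestParameters") or {}
        if params.get("dBInstanceIdentifier") != db_identifier:
            continue
        hits.append({
            "time": rec.get("eventTime"),
            "region": rec.get("awsRegion"),
            "principal": principal_of(rec.get("userIdentity", {})),
            "source_ip": rec.get("sourceIPAddress"),
            "skip_final_snapshot": bool(params.get("skipFinalSnapshot", False)),
            "error": rec.get("errorCode"),
        })
    return sorted(hits, key=lambda h: h["time"] or "")


if __name__ == "__main__":
    for hit in find_db_deletions(parse_lookup_events(SAMPLE_LOOKUP_RESPONSE), "mysql-db"):
        status = f"DENIED ({hit['error']})" if hit["error"] else "succeeded"
        print(f"{hit['time']} {hit['region']} {status}: {hit['principal']} "
              f"from {hit['source_ip']} skipFinalSnapshot={hit['skip_final_snapshot']}")
```

Against real data, the same functions work on the parsed records of a LookupEvents response or on the records inside a trail's log files. Keep in mind that event history queried through LookupEvents covers only a limited retention window, so a trail delivering to S3 is what makes older deletions investigable.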