What can a user accomplish using AWS CloudTrail?
Generate an IAM user credentials report.
Record API calls made to AWS services.
Assess the compliance of AWS resource configurations with policies and guidelines.
Ensure that Amazon EC2 instances are patched with the latest security updates.
Explanations:
AWS CloudTrail does not generate IAM user credentials reports; this function is performed by AWS IAM’s credential reports feature.
AWS CloudTrail is specifically designed to record API calls made to AWS services, providing a history of account activity and changes.
While CloudTrail logs API calls, it does not directly assess compliance of AWS resource configurations; this is typically done using AWS Config.
CloudTrail does not ensure that EC2 instances are patched; this is managed through AWS Systems Manager and other patch management services.