What can an Administrator do to monitor whether an organization’s instances are compliant with corporate policies and guidelines?
Check the instances’ metadata to determine what software is running.
Use AWS CloudTrail logs to identify the applications running on the instances.
Set CloudWatch alarms that are triggered with any software change on the instances.
Use Config Rules in the AWS Config service to check the instances’ configuration and applications.
Explanations:
Checking the instances’ metadata provides limited information about running software and does not offer a comprehensive view of compliance with corporate policies. Metadata alone cannot confirm whether the configurations adhere to guidelines.
AWS CloudTrail logs track API calls and events in the AWS account but do not specifically identify the applications running on instances. This method is not effective for monitoring compliance with corporate policies related to the configuration of the instances themselves.
Setting CloudWatch alarms can help detect changes, but it does not inherently monitor compliance with corporate policies. Alarms would need to be specifically configured to track compliance-related changes, making this approach less straightforward and comprehensive.
Using Config Rules in AWS Config allows for continuous monitoring of AWS resource configurations. It enables the administrator to assess compliance against defined corporate policies and guidelines effectively, making it the most suitable option for monitoring compliance.