What should the SysOps Administrator do to provide near real-time compliance reporting?
Enable AWS Trusted Advisor and show the Security team that the Security Groups unrestricted access check will alarm.
Schedule an AWS Lambda function to run hourly to scan and evaluate all security groups, and send a report to the Security team.
Use AWS Config to enable the restricted-common-ports rule, and add port 80 to the parameters.
Use Amazon Inspector to evaluate the security groups during scans, and send the completed reports to the Security team.
Explanations:
AWS Trusted Advisor does have a "Security Groups - Unrestricted Access" check, but its results are refreshed on a schedule (or on a manual refresh), not on each security group change, and it reports general best-practice findings rather than compliance against a specific requirement such as port 80.
An AWS Lambda function scheduled hourly could scan and evaluate security groups, but it is polling: a violation can go unreported for up to an hour, and the scanning, reporting, and state-tracking code has to be written and maintained. AWS Config already evaluates resources as they change, so it is the better fit for near real-time compliance reporting.
The AWS Config managed rule "restricted-common-ports" checks whether security groups allow unrestricted inbound TCP traffic (from 0.0.0.0/0 or ::/0) to the ports given in its blockedPort1 through blockedPort5 parameters. Port 80 is not in the default list, so it must be added as a parameter. The rule is evaluated when a security group's configuration changes, and the resulting compliance-change events can be routed through Amazon EventBridge to an SNS topic, giving the Security team near real-time notification of non-compliant groups. This is the best option.
Amazon Inspector assesses EC2 instances for software vulnerabilities and network exposure; it is not a continuous compliance monitor for security group configuration and does not report on every change as it happens.
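To make the correct option concrete, the following is an added example (not part of the original question or explanation, and not AWS's own code). It builds the rule definition that would be passed to boto3's put_config_rule, using the managed-rule identifier RESTRICTED_INCOMING_TRAFFIC and the rule's blockedPort1 parameter set to 80, builds the EventBridge event pattern that fires on the rule's compliance changes, and then runs a local re-implementation of the rule's check over a few constructed security groups in describe_security_groups shape. The local evaluator is a model of what the managed rule checks (unrestricted IPv4 or IPv6 source, TCP or all-protocol, port range covering a blocked port); it is not the AWS evaluation engine, and the security group IDs and CIDRs are made up for the example.

```python
import ipaddress
import json

# Rule definition in the shape accepted by boto3 config.put_config_rule().
# RESTRICTED_INCOMING_TRAFFIC is the managed-rule identifier behind the console
# name "restricted-common-ports". Port 80 is not a default blockedPort, so it is
# supplied explicitly. The rule name is an assumption for this example.
CONFIG_RULE = {
    "ConfigRuleName": "restricted-common-ports-http",
    "Source": {"Owner": "AWS", "SourceIdentifier": "RESTRICTED_INCOMING_TRAFFIC"},
    "Scope": {"ComplianceResourceTypes": ["AWS::EC2::SecurityGroup"]},
    "InputParameters": json.dumps({"blockedPort1": "80"}),
}

# EventBridge pattern that matches NON_COMPLIANT evaluations of that rule; the
# matching EventBridge rule would target an SNS topic the Security team subscribes to.
EVENT_PATTERN = {
    "source": ["aws.config"],
    "detail-type": ["Config Rules Compliance Change"],
    "detail": {
        "configRuleName": [CONFIG_RULE["ConfigRuleName"]],
        "newEvaluationResult": {"complianceType": ["NON_COMPLIANT"]},
    },
}

ANY_IPV4 = ipaddress.ip_network("0.0.0.0/0")
ANY_IPV6 = ipaddress.ip_network("::/0")


def blocked_ports(rule=CONFIG_RULE):
    """Read the blockedPortN parameters back out of the rule definition."""
    params = json.loads(rule["InputParameters"])
    return sorted(int(v) for k, v in params.items() if k.startswith("blockedPort"))


def permission_opens_port(perm, port):
    """True if one IpPermissions entry exposes TCP `port` to the whole internet.
    Model assumption: an all-protocol ("-1") rule counts as exposing every port."""
    proto = perm.get("IpProtocol")
    if proto == "-1":
        covers = True
    elif proto == "tcp":
        # FromPort/ToPort describe an inclusive range, so 0-1024 covers 80.
        covers = perm.get("FromPort", 0) <= port <= perm.get("ToPort", 65535)
    else:
        return False  # UDP/ICMP rules are outside what this rule checks
    if not covers:
        return False
    sources = [r["CidrIp"] for r in perm.get("IpRanges", [])]
    sources += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
    return any(ipaddress.ip_network(c) in (ANY_IPV4, ANY_IPV6) for c in sources)


def evaluate_security_group(sg, ports):
    """Local model of the rule: NON_COMPLIANT if any blocked port is reachable
    from 0.0.0.0/0 or ::/0, otherwise COMPLIANT."""
    for perm in sg.get("IpPermissions", []):
        if any(permission_opens_port(perm, p) for p in ports):
            return "NON_COMPLIANT"
    return "COMPLIANT"


def compliance_report(groups, ports=None):
    """Map each GroupId to its compliance state, the way a report would list them."""
    ports = blocked_ports() if ports is None else ports
    return {g["GroupId"]: evaluate_security_group(g, ports) for g in groups}


# Constructed sample input (fake IDs and ranges) in describe_security_groups shape.
SAMPLE_SECURITY_GROUPS = [
    {"GroupId": "sg-0a1b2c3d4e5f60001",  # HTTP open to the world
     "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
                        "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]},
    {"GroupId": "sg-0a1b2c3d4e5f60002",  # HTTP only from an internal range
     "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
                        "IpRanges": [{"CidrIp": "10.0.0.0/8"}], "Ipv6Ranges": []}]},
    {"GroupId": "sg-0a1b2c3d4e5f60003",  # wide TCP range over IPv6 ::/0 includes 80
     "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 0, "ToPort": 1024,
                        "IpRanges": [], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]},
    {"GroupId": "sg-0a1b2c3d4e5f60004",  # UDP 80 to the world: not TCP, not flagged
     "IpPermissions": [{"IpProtocol": "udp", "FromPort": 80, "ToPort": 80,
                        "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]},
]

if __name__ == "__main__":
    for group_id, state in compliance_report(SAMPLE_SECURITY_GROUPS).items():
        print(f"{group_id}: {state}")
```

The third sample group is the case that a naive "is port 80 in the rule" check misses: the port appears nowhere in the rule, but the 0-1024 range over ::/0 still exposes it, and the managed rule treats IPv6 ::/0 exactly like 0.0.0.0/0. In a real deployment the CONFIG_RULE dictionary goes to put_config_rule and EVENT_PATTERN to an EventBridge rule with an SNS target; the local evaluator is only there to show what "non-compliant" means for this rule.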