Which actions should the solutions architect take to meet these requirements?
(Choose two.)
Enable AWS CloudTrail and use it for auditing.
Use data lifecycle policies for the Amazon EC2 instances.
Enable AWS Trusted Advisor and reference the security dashboard.
Enable AWS Config and create rules for auditing and compliance purposes.
Restore previous resource configurations with an AWS CloudFormation template.
Explanations:
AWS CloudTrail records API calls made in the AWS account, enabling auditing of actions such as provisioning EC2 instances and modifying security group rules. This allows the company to track who made changes and when, providing visibility into user activities.
Data lifecycle policies are used to manage the lifecycle of data in services like Amazon S3, but they do not track or audit EC2 instance configurations or security group changes. Therefore, this option does not meet the requirements for tracking and auditing configuration changes.
AWS Trusted Advisor provides best practice recommendations but does not provide detailed auditing capabilities for configuration changes. It may highlight some underutilized resources, but it lacks the detailed tracking and auditing functionality required in this scenario.
AWS Config continuously monitors and records AWS resource configurations and changes. It can evaluate configurations against defined rules for compliance and security purposes, making it ideal for tracking and auditing EC2 instances and security group modifications.
AWS CloudFormation templates can be used to provision and restore infrastructure, but they do not track or audit changes made to existing resources. This option is not suitable for ongoing tracking and auditing of inventory and configuration changes.