Which actions should the solutions architect take to meet these requirements? (Choose two.)
Enable AWS CloudTrail and use it for auditing.
Use data lifecycle policies for the Amazon EC2 instances.
Enable AWS Trusted Advisor and reference the security dashboard.
Enable AWS Config and create rules for auditing and compliance purposes.
Restore previous resource configurations with an AWS CloudFormation template.
Explanations:
Enabling AWS CloudTrail allows the company to log and monitor API calls made in its AWS account, providing a detailed audit trail of changes made to resources, including EC2 instance provisioning and security group modifications. This meets the requirement for tracking and auditing inventory and configuration changes.
Data lifecycle policies are primarily used for managing the lifecycle of AWS resources like S3 objects and do not directly address tracking or auditing changes to EC2 instances or security groups. Therefore, this option does not meet the requirements.
AWS Trusted Advisor provides best practices and recommendations but does not track changes or provide auditing capabilities for EC2 instances or security groups. It is more focused on cost optimization, performance, security, and fault tolerance, making it insufficient for the auditing requirement.
AWS Config provides a detailed view of the configuration of AWS resources, allowing for the tracking of changes over time. It can be configured with rules to assess compliance against best practices, making it a valuable tool for auditing and ensuring that configurations align with the company’s policies.
While AWS CloudFormation templates can be used to restore resource configurations, they do not provide tracking or auditing capabilities for changes made to resources after deployment. This option does not fulfill the requirement to audit changes effectively.