Which solution will meet these requirements?
Set up Amazon Detective to record security group changes. Specify an Amazon CloudWatch Logs log group to store configuration history logs. Create an Amazon Simple Queue Service (Amazon SQS) queue for notifications about configuration changes. Subscribe the SysOps administrator’s email address to the SQS queue.
Set up AWS Systems Manager Change Manager to record security group changes. Specify an Amazon CloudWatch Logs log group to store configuration history logs. Create an Amazon Simple Notification Service (Amazon SNS) topic for notifications about configuration changes. Subscribe the SysOps administrator’s email address to the SNS topic.
Set up AWS Config to record security group changes. Specify an Amazon S3 bucket as the location for configuration snapshots and history files. Create an Amazon Simple Notification Service (Amazon SNS) topic for notifications about configuration changes. Subscribe the SysOps administrator’s email address to the SNS topic.
Set up Amazon Detective to record security group changes. Specify an Amazon S3 bucket as the location for configuration snapshots and history files. Create an Amazon Simple Notification Service (Amazon SNS) topic for notifications about configuration changes. Subscribe the SysOps administrator’s email address to the SNS topic.
Explanations:
Amazon Detective is not designed to track configuration changes like security group modifications. It focuses on security investigation and analysis rather than logging changes in AWS resources or sending notifications about them.
AWS Systems Manager Change Manager is designed for change management processes like patching and deployment, not specifically for tracking security group changes. It also doesn’t provide an easy way to monitor security groups directly.
AWS Config is specifically designed to track configuration changes for AWS resources, including security groups. It provides configuration history and snapshots, and can send notifications via SNS when a change occurs, making it ideal for this use case.
Amazon Detective does not track configuration changes to security groups and, unlike AWS Config, is not designed to handle monitoring or notifications for changes in resource configurations.