Which solution will meet this requirement?
Use Macie to detect an active DDoS event. Create Amazon CloudWatch alarms that respond to Macie findings.
Use Amazon Inspector to review resources and to invoke Amazon CloudWatch alarms for any resources that are vulnerable to DDoS attacks.
Create an Amazon CloudWatch alarm that monitors Firewall Manager metrics for an active DDoS event.
Create an Amazon CloudWatch alarm that monitors Shield Advanced metrics for an active DDoS event.
Explanations:
Amazon Macie is primarily designed for data security and privacy, focusing on sensitive data identification and protection. It is not intended for detecting DDoS attacks, so it cannot be used to generate alerts for such events.
Amazon Inspector is a security assessment service that helps identify vulnerabilities and compliance issues in applications and resources. While it can enhance security, it does not specifically monitor for DDoS attacks, making it unsuitable for alerting on such events.
AWS Firewall Manager is used to manage firewall rules across accounts, but it does not have direct metrics related to DDoS attacks that would trigger CloudWatch alarms. Therefore, monitoring Firewall Manager metrics would not be an effective solution for DDoS alerts.
AWS Shield Advanced is specifically designed to protect against DDoS attacks and provides detailed metrics and reporting on DDoS events. By creating a CloudWatch alarm that monitors Shield Advanced metrics, the company can receive timely alerts for any active DDoS attacks against its AWS account.
I guess:
Create an Amazon CloudWatch alarm that monitors Shield Advanced metrics for an active DDoS event.