AWS Certified Developer – Associate — Question 219

A developer is trying to determine which IAM user is calling several AWS APIs from an application.

Which service would provide this information?

Answer options

• A. AWS Config
• B. AWS CloudTrail
• C. Amazon CloudWatch
• D. Amazon VPC Flow Logs

Correct answer: B

Explanation

AWS CloudTrail is the service that logs and monitors AWS API calls, making it the right choice for identifying the IAM user associated with those calls. AWS Config focuses on resource configuration history, Amazon CloudWatch is primarily for monitoring and logging performance metrics, and Amazon VPC Flow Logs capture network traffic data, none of which directly provide IAM user identification for API calls.