AWS Certified Solutions Architect – Associate (SAA-C03) — Question 384

An IAM user made several configuration changes to AWS resources in their company's account during a production deployment last week. A solutions architect learned that a couple of security group rules are not configured as desired. The solutions architect wants to confirm which IAM user was responsible for making changes.

Which service should the solutions architect use to find the desired information?

Answer options

• A. Amazon GuardDuty
• B. Amazon Inspector
• C. AWS CloudTrail
• D. AWS Config

Correct answer: C

Explanation

AWS CloudTrail records API activity and user actions across your AWS infrastructure, enabling you to audit and identify exactly which IAM user made specific configuration changes. While AWS Config tracks the history of resource configurations, it does not log the identity of the user who made the API call. Amazon GuardDuty and Amazon Inspector are security monitoring and vulnerability assessment tools, respectively, and do not provide user activity audit logs.