AWS Certified SysOps Administrator – Associate (legacy) — Question 901
A SysOps Administrator noticed that a large number of Elastic IP addresses are being created on the company's AWS account, but they are not being associated with Amazon EC2 instances and are incurring Elastic IP address charges in the monthly bill.
How can the Administrator identify who is creating the Elastic IP addresses?
Answer options
- A. Attach a cost-allocation tag to each requested Elastic IP address with the IAM user name of the Developer who creates it.
- B. Query AWS CloudTrail logs by using Amazon Athena to search for Elastic IP address events.
- C. Create a CloudWatch alarm on the EIPCreated metric and send an Amazon SNS notification when the alarm triggers.
- D. Use Amazon Inspector to get a report of all Elastic IP addresses created in the last 30 days.
Correct answer: B
Explanation
AWS CloudTrail records API activity within an AWS account, capturing the identity of the user or role that requested the Elastic IP address. Querying these logs with Amazon Athena allows the Administrator to search for relevant API events such as AllocateAddress and identify the responsible party. The other options are incorrect because Amazon Inspector is a vulnerability scanner, CloudWatch does not have a default 'EIPCreated' metric, and tagging cannot retroactively identify the creators of existing untagged resources.