Your company has set up a host of networking components in AWS. They have stringent controls in place to ensure that these networking components are only changed by designated IT personnel. But they still need to get notified of any unwarranted changes, such as the modifications of networking components. Which of the following AWS managed services can help in this requirement?

Answer options:

A.AWS VPC Flow Logs
B.AWS CloudTrail
C.AWS Trusted Advisor
D.AWS Inspector

Answer – B
The AWS Documentation mentions the following.
AWS CloudTrail provides a history of AWS API calls for an account, including API calls made via the AWS Management Console, AWS SDKs, command-line tools, and higher-level AWS services (such as AWS CloudFormation). This AWS API call history enables security analysis, resource change tracking, and compliance auditing. Customers can also deliver CloudTrail data to CloudWatch Logs to store, monitor, and process API calls for network-specific changes and send appropriate notifications. CloudTrail provides an AWS CloudFormation template to automatically create CloudWatch alarms for security- and network-related API activity. This is also used to monitor the changes made to networking components by any user too.
Option A is incorrect since this can be used only to monitor the traffic to the VPC.Option C is incorrect since this cannot be used to monitor changes to network resources.
Option D is incorrect since this can only be used to perform vulnerability scan analysis on EC2 Instances.
For more information on Networking management and monitoring, please refer to the below URL
https://aws.amazon.com/answers/networking/vpc-network-management-and-monitoring/