Whilst working on a collaborative project, an administrator would like to record the initial configuration and several authorized changes that engineers make to the route table of a VPC. What is the best method to achieve this?

Answer options:

A.Use of AWS Config
B.Use of VPC Flow Logs
C.Use of AWS CloudTrail
D.Use of an AWS Lambda function that is triggered to save a log file to an S3 bucket each time configuration changes are made.

Correct Answer – A
AWS Config can be used to keep track of configuration changes on AWS resources, keeping multiple date-stamped versions in a reviewable history. This makes it the best method to meet the scenario requirements.
https://aws.amazon.com/config/
Option B is incorrect because VPC flow logs will only capture IP traffic-related information passing through and from network interfaces within the VPC. VPC flow logs will not be able to capture configuration changes made to route tables.
https://docs.aws.amazon.com/vpc/latest/userguide/flow-logs.html
Option C is incorrect because AWS CloudTrail will capture identity access activity, event history into the AWS environment. Recording the actions and API calls are not best suited to keep a record of configurations.
https://aws.amazon.com/cloudtrail/
Option D is incorrect because using a Lambda function to write configuration changes might meet the requirements, but it would not be the best method. AWS Config can deliver what is needed with much less administrative input.