Your company has a set of EC2 Instances in AWS. These EC2 Instances have strict security groups attached to them. You need to ensure that unexpected changes to the security groups are monitored and reverted. How can you achieve this?

Answer options:

A.Create a Lambda function to periodically query the CloudTrail logs to see if the security groups have been modified. Revert the changes if necessary.
B.Use CloudWatch metrics to monitor the activity on the security groups. Use filters to search for the changes and use SNS for the notification.
C.Use AWS Inspector to monitor the activity on the security groups. Use filters to search for the changes and use SNS for the notification.
D.Use CloudWatch event to detect changes to your security group and trigger the AWS Lambda function to revert the new security group rules accordingly as per compliance rules. Configure the Lambda function to send an email notification as well.

Answer – D
The below diagram from an AWS blog shows how security groups can be monitored.
Option A is incorrect because the method cannot revert the change in real-time. Compared with Option D, this one is more complicated too.
Option B is incorrect because CloudWatch metrics cannot be used to check the change of security groups.
Option C is incorrect because AWS Inspector is not used to monitor the activity of security groups.
For more information on monitoring security groups, please visit the below URL:
https://aws.amazon.com/blogs/security/how-to-automatically-revert-and-receive-notifications-about-changes-to-your-amazon-vpc-security-groups/