How can the administrator identify who is creating the Elastic IP addresses?

A SysOps administrator noticed that a large number of Elastic IP addresses are being created on the company’s AWS account, but they are not being associated with Amazon EC2 instances, and are incurring Elastic IP address charges in the monthly bill.

How can the administrator identify who is creating the Elastic IP addresses?
A . Attach a cost-allocation tag to each requested Elastic IP address with the IAM user name of the developer who creates it.
B . Query AWS CloudTrail logs by using Amazon Athena to search for Elastic IP address events.
C . Create a CloudWatch alarm on the ElPCreated metric and send an Amazon SNS notification when the alarm triggers.
D . Use Amazon Inspector to get a report of all Elastic IP addresses created in the last 30 days.

View Answer

Answer: B

Explanation:

To identify who is creating the Elastic IP addresses, the following steps should be taken:

Enable CloudTrail Logging:

Ensure AWS CloudTrail is enabled to log all API activities in your AWS account.

Reference: Setting Up AWS CloudTrail

Create an Athena Table for CloudTrail Logs:

Set up an Athena table that points to the S3 bucket where CloudTrail logs are stored.

Reference: Creating Tables in Athena

Query CloudTrail Logs:

Use Athena to run SQL queries to search for AllocateAddress events, which represent the creation of Elastic IP addresses.

Example Query:

sql

Copy code

SELECT userIdentity.userName, eventTime, eventSource, eventName, requestParameters FROM cloudtrail_logs

WHERE eventName = ‘AllocateAddress’;

Reference: Analyzing AWS CloudTrail Logs

Review Results:

Review the results to identify which IAM user or role is creating the Elastic IP addresses.

Reference: AWS CloudTrail Log Analysis