AWS DevOps Engineer Professional Practice Test

What is the primary method to receive notifications when AWS Config rule compliance statuses change?

• A. Configure CloudTrail notifications
• B. Set up SNS notifications or CloudWatch Events
• C. Enable AWS Config on all resources
• D. Use AWS Budgets for alerts

The correct answer is: Set up SNS notifications or CloudWatch Events

The primary method for receiving notifications when AWS Config rule compliance statuses change is to set up SNS (Simple Notification Service) notifications or CloudWatch Events. AWS Config enables you to assess, audit, and evaluate the configurations of your AWS resources. With the ability to track changes in compliance status, it’s essential to have a mechanism for notifying users or systems about these changes. By utilizing SNS notifications, you can trigger alerts to inform relevant stakeholders whenever there are changes in configuration compliance. This can be particularly valuable for ensuring adherence to governance policies and responding quickly to potential issues. Setting up CloudWatch Events allows you to react to compliance changes in real-time, sending events to specified targets like SNS topics, Lambda functions, or other AWS services. This dynamic capability enables automation and efficient monitoring of resource configurations. While configuring CloudTrail notifications and enabling AWS Config on all resources are beneficial for overall auditing and tracking, they do not directly serve the purpose of notifying about rule compliance changes. Similarly, AWS Budgets are designed for financial monitoring rather than compliance. Therefore, setting up SNS or CloudWatch Events stands out as the most effective method for achieving notification automation in relation to AWS Config.