-
Hi jacob-9,
Thank you for your feedback. We appreciate your observation about the wording in Option 2, which suggested AWS Config could monitor “create-api-key” calls. AWS Config evaluates resource configurations, not API calls, and the reference to the iam-root-access-key-check rule in the explanation wasn’t fully aligned with the answer, leading to some confusion. Your point about combining AWS Config for CloudTrail status and CloudTrail with EventBridge for API key creation detection is well-taken.
We’ve updated the question to clarify Option 2, changing “monitor any calls to the create-api-key” to “detect the presence of root user access keys” using the iam-root-access-key-check rule. The explanation now aligns with this correction and includes the cloudtrail-enabled rule for CloudTrail monitoring. These changes ensure the answer is accurate and complete.
The updated question and explanation will reflect in the portal soon. Thank you for helping us improve our content. If you have further questions, please let us know.
Best,
Irene @ Tutorials Dojo
