AWS Certified Security - Specialty (#122)

A Security Engineer must design a solution that enables the incident Response team to audit for changes to a user’s IAM permissions in the case of a security incident. How can this be accomplished?

Use AWS Config to review the IAM policy assigned to users before and after the incident.
Run the
GenerateCredentialReport
via the AWS CLI, and copy the output to Amazon S3 daily for auditing purposes.
Copy AWS CloudFormation templates to S3, and audit for changes from the template.
Use Amazon EC2 Systems Manager to deploy images, and review AWS CloudTrail logs for changes.