Victor is an information security professional investigating an incident. Which service can he use to identify the user that made the API call when an Amazon EC2 instance is terminated?

AWS CloudTrail is the correct choice for identifying the user who made an API call when an Amazon EC2 instance is terminated. This service provides comprehensive logging of API calls across AWS services, capturing details such as the identity of the API caller, the actions taken, and any resource changes. By reviewing the logs generated by CloudTrail, Victor can trace back to the specific user or role associated with the termination event, giving context and accountability for the action taken.

AWS Config, while useful for assessing resource configurations and compliance, does not provide the granular logging of API actions or user identity. It focuses more on the resource states over time rather than the direct tracking of user activity.

AWS Inspector is designed for security assessments of applications and instances, evaluating them for vulnerabilities and compliance risks. It does not log API calls or user actions.

AWS Trusted Advisor provides recommendations for optimizing AWS environments regarding cost, security, fault tolerance, performance, and service limits, but it does not track API call histories or identify users involved in those calls.

Thus, CloudTrail stands out as the essential tool for Victor’s needs in this incident investigation.