Q49 — AWS DOP-C02 Ch.1
Question 49 of 100 | ← Chapter 1
A company hosts a multi-tenant application on Amazon EC2 instances behind an Application Load Balancer. These instances run Windows Server and are part of an Auto Scaling group. The application uses license files stored on the instances, which can be updated on the instances without disrupting customers. When a new customer purchases access to the application, the licensing team adds the new license key to a file in an Amazon S3 bucket. After updating the license file, the operations team manually updates the EC2 instances. A DevOps engineer needs to automate the EC2 instance file update process. The automation must minimize the time required for EC2 instances to obtain the updated license file and must notify the operations team of success or failure of the update process. The DevOps engineer creates a resource group in AWS Resource Groups. The resource group uses tags to automatically include the application’s EC2 instances. What should the DevOps engineer do next to meet these requirements in the most cost-effective and efficient way?
- A. Create an S3 event notification to invoke an AWS Lambda function when the license file is updated in the S3 bucket. Configure the Lambda function to invoke AWS Systems Manager Run Command to run the AWS-RunRemoteScript document to download the updated license file. Specify that the command runs on the application’s resource group with 50% concurrency. Configure Amazon Simple Email Service (Amazon SES) notifications for SUCCESS and FAILED events to email the operations team.
- B. Create an S3 event notification to invoke an AWS Lambda function when the license file is updated in the S3 bucket. Configure the Lambda function to invoke AWS Systems Manager Run Command to run the AWS-RunPowerShellScript document to download the updated license file. Specify that the command runs on the application’s resource group with 50% concurrency. Configure an Amazon Simple Notification Service (Amazon SNS) topic to send SUCCESS and FAILED event notifications. Subscribe the operations team members’ email addresses to the SNS topic. ✓
- C. Create an Amazon EventBridge scheduled rule that runs hourly to invoke an AWS Lambda function. Configure the Lambda function to invoke AWS Systems Manager Run Command to run the AWS-RunPowerShellScript document to download the updated license file. Specify that the command runs on the application’s resource group with 50% concurrency. Configure an Amazon Simple Notification Service (Amazon SNS) topic to send SUCCESS and FAILED event notifications. Subscribe the operations team members’ email addresses to the SNS topic.
- D. Create an Amazon EventBridge scheduled rule that runs hourly to invoke an AWS Lambda function. Configure the Lambda function to invoke AWS Systems Manager Run Command to run the AWS-RunRemoteScript document to download the updated license file. Specify that the command runs on the application’s resource group with 50% concurrency. Configure Amazon Simple Email Service (Amazon SES) notifications for SUCCESS and FAILED events to email the operations team.
Correct Answer: B. Create an S3 event notification to invoke an AWS Lambda function when the license file is updated in the S3 bucket. Configure the Lambda function to invoke AWS Systems Manager Run Command to run the AWS-RunPowerShellScript document to download the updated license file. Specify that the command runs on the application’s resource group with 50% concurrency. Configure an Amazon Simple Notification Service (Amazon SNS) topic to send SUCCESS and FAILED event notifications. Subscribe the operations team members’ email addresses to the SNS topic.
Explanation
Option B is correct because: First, S3 event notifications trigger immediately upon license file updates, enabling real-time responsiveness—more efficient than hourly EventBridge rules. Second, using AWS Lambda to invoke AWS Systems Manager Run Command with the AWS-RunPowerShellScript document automates the download process on Windows-based instances. Third, specifying 50% concurrency across the resource group balances efficiency and safety. Fourth, Amazon SNS is more cost-effective and operationally simpler than Amazon SES for internal operational notifications, especially when delivering to multiple subscribed email addresses. Thus, Option B best meets the requirements cost-effectively and efficiently.