Q63 — AWS DOP-C02 Ch.1

A company uses AWS Control Tower to manage its multi-account AWS environment. The company previously used the standard AWS Management Console to create AWS accounts via AWS Control Tower. The company now wants to implement an automated solution using AWS Control Tower Account Factory to create new AWS accounts. A DevOps engineer is testing a new method where employees upload a CSV file to an Amazon S3 bucket. The CSV file contains information required to create a new AWS account. When a new file is created in the S3 bucket, an AWS Lambda function processes the Amazon S3 event notification. The Lambda function uses the AWS Service Catalog API to create the AWS account. The DevOps engineer needs to implement a solution to publish a notification to an Amazon Simple Notification Service (Amazon SNS) topic upon successful completion of the account creation process. How should the DevOps engineer automate the SNS notification?

Correct Answer: D. Configure an Amazon EventBridge (Amazon CloudWatch Events) rule that responds to AWS Control Tower CreateManagedAccount events and publishes to the SNS topic.

Explanation

Option D is correct because the requirement is to publish an SNS notification specifically upon successful completion of the account creation process. An EventBridge rule configured to respond to the AWS Control Tower CreateManagedAccount event directly captures this precise operational milestone and triggers the SNS notification reliably. Option A’s drift detection is unrelated to account creation completion. Option B’s Service Catalog product-level publishing does not map to the account creation success event. Option C’s ProvisionProduct event relates to generic Service Catalog provisioning—not the AWS Control Tower–specific account creation workflow. Only Option D targets the exact event needed.