Q76 — AWS DOP-C02 Ch.1
A developer maintains a fleet of 50 Amazon EC2 Linux servers. These servers are part of an Amazon EC2 Auto Scaling group and are load-balanced using Elastic Load Balancing. Occasionally, some application servers are terminated after failing ELB HTTP health checks. The developer wants to perform root cause analysis but cannot access application logs before the servers terminate.
- A. Use an Auto Scaling lifecycle hook to place the instance in Pending:Wait state. Create an Amazon CloudWatch alarm for EC2 Instance Terminate Successful and trigger an AWS Lambda function to invoke SSM Run Command to collect logs, push them to Amazon S3, and then complete the lifecycle action.
- B. Use an Auto Scaling lifecycle hook to place the instance in Terminating:Wait state. Create an AWS Config rule for EC2 instance termination lifecycle events and trigger a Step Functions workflow that runs a script to collect logs, push them to Amazon S3, and then complete the lifecycle action.
- C. Use an Auto Scaling lifecycle hook to place the instance in Terminating:Wait state. Create an Amazon CloudWatch Logs subscription filter for EC2 Instance Terminate Successful and trigger the CloudWatch agent to run a script to collect logs, push them to Amazon S3, and then complete the lifecycle action.
- D. Use an Auto Scaling lifecycle hook to place the instance in Terminating:Wait state. Create an Amazon EventBridge rule for EC2 instance termination lifecycle events and trigger an AWS Lambda function to invoke SSM Run Command to collect logs, push them to Amazon S3, and then complete the lifecycle action. ✓
Correct Answer: D. Use an Auto Scaling lifecycle hook to place the instance in Terminating:Wait state. Create an Amazon EventBridge rule for EC2 instance termination lifecycle events and trigger an AWS Lambda function to invoke SSM Run Command to collect logs, push them to Amazon S3, and then complete the lifecycle action.
Explanation
Option D is correct. An Auto Scaling lifecycle hook that places the instance in the Terminating:Wait state pauses termination, allowing time for log collection. Amazon EC2 Auto Scaling sends lifecycle event notifications (e.g., autoscaling:EC2_INSTANCE_TERMINATING) to Amazon EventBridge natively, enabling reliable, low-latency, event-driven invocation of Lambda. Lambda then uses SSM Run Command, which requires no pre-installed agents beyond the SSM Agent, to execute the log collection and upload logic securely and idempotently. This approach avoids dependencies on CloudWatch alarms (which may miss short-lived events), AWS Config rules (not designed for lifecycle events), or CloudWatch Logs subscription filters (which require logs to already exist and be streamed).
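The Lambda step of option D as an added example (not from the original page or from AWS sample code): it validates the instance ID taken from the EventBridge event, runs log collection through SSM Run Command, and completes the lifecycle action even when collection fails. The bucket name, log paths, sample event values and the injectable `ssm`/`autoscaling` parameters are assumptions for illustration.

```python
import re

# Assumed placeholders (not from the page); the instance role needs s3:PutObject.
LOG_BUCKET = "example-termination-logs"
LOG_PATHS = "/var/log/messages /var/log/cloud-init.log"
INSTANCE_ID_RE = re.compile(r"i-[0-9a-f]{8,17}")

# Constructed sample of an "EC2 Instance-terminate Lifecycle Action" event.
SAMPLE_EVENT = {"detail": {
    "LifecycleTransition": "autoscaling:EC2_INSTANCE_TERMINATING",
    "EC2InstanceId": "i-0123456789abcdef0",
    "AutoScalingGroupName": "example-asg",
    "LifecycleHookName": "example-terminate-hook",
    "LifecycleActionToken": "00000000-0000-0000-0000-000000000000"}}

def build_commands(instance_id):
    archive = f"/tmp/{instance_id}-logs.tar.gz"
    return [
        f"tar czf {archive} {LOG_PATHS} 2>/dev/null || true",
        f"aws s3 cp {archive} s3://{LOG_BUCKET}/{instance_id}/",
    ]

def handler(event, context, ssm=None, autoscaling=None):
    detail = event["detail"]
    if detail.get("LifecycleTransition") != "autoscaling:EC2_INSTANCE_TERMINATING":
        return {"status": "ignored"}
    instance_id = detail["EC2InstanceId"]
    # The id is interpolated into shell commands, so validate its shape first.
    if not INSTANCE_ID_RE.fullmatch(instance_id):
        raise ValueError("unexpected instance id format")
    if ssm is None or autoscaling is None:
        import boto3  # imported lazily so the logic can be tested with stubs
        ssm = ssm or boto3.client("ssm")
        autoscaling = autoscaling or boto3.client("autoscaling")
    status = "collected"
    try:
        sent = ssm.send_command(
            InstanceIds=[instance_id], DocumentName="AWS-RunShellScript",
            Parameters={"commands": build_commands(instance_id)})
        ssm.get_waiter("command_executed").wait(
            CommandId=sent["Command"]["CommandId"], InstanceId=instance_id)
    except Exception as exc:  # an unhealthy instance may never answer SSM
        status = f"collection_failed: {type(exc).__name__}"
    # Always release the hook so the instance is not held until the timeout.
    hook = {k: detail[k] for k in (
        "LifecycleHookName", "AutoScalingGroupName", "LifecycleActionToken")}
    autoscaling.complete_lifecycle_action(
        LifecycleActionResult="CONTINUE", InstanceId=instance_id, **hook)
    return {"status": status, "instance": instance_id}
```

The Lambda timeout and the hook's heartbeat timeout both have to be longer than the expected collection time, since the waiter blocks until the command finishes.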