Q95 — AWS DOP-C02 Ch.2

A developer maintains approximately 50 Amazon EC2 Linux servers. These servers are part of an Amazon EC2 Auto Scaling group and use Elastic Load Balancing for load distribution. Occasionally, some application servers are terminated after failing ELB HTTP health checks. The developer wants to perform root cause analysis but cannot access application logs before the servers are terminated. How can log collection be automated?

Correct Answer: D. Use an Auto Scaling lifecycle hook to place the instance in Terminating:Wait state. Create an Amazon EventBridge rule for 'EC2 Instance Terminate Lifecycle Action' and trigger an AWS Lambda function that invokes an SSM Run Command script to collect logs, push them to Amazon S3, and complete the lifecycle action after log collection.

Explanation

Auto Scaling lifecycle hooks can hold a terminating instance in the Terminating:Wait state, providing a time window for log collection. AWS documentation states that lifecycle action events can be captured via Amazon EventBridge and used to trigger Lambda functions that execute SSM commands. Option D correctly uses an EventBridge rule to listen for EC2 instance termination events and uses Lambda to invoke SSM Run Command for log transfer. The other options involve incorrect or unsupported services (e.g., CloudWatch subscription filters, AWS Config rules) or mismatched mechanisms (e.g., CloudWatch alarms for termination events). AWS architectural best practices recommend using lifecycle hooks with event-driven architectures for pre-termination operations.