Q67 — AWS DOP-C02 Ch.3
A company has multiple development teams across different business units, all working within a shared AWS account. All Amazon EC2 resources created in the account are tagged to identify the resource creator. Tagging occurs during the first API call after resource creation.
- A. Create an S3 event notification on the S3 bucket to invoke a Lambda function for s3:ObjectTagging:Put events. Enable versioning on the S3 bucket.
- B. Enable server access logging on the S3 bucket. Create an S3 event notification on the S3 bucket for s3:ObjectTagging:* events.
- C. Create an Amazon EventBridge scheduled rule that runs hourly to invoke a Lambda function. Modify the Lambda function to read logs from the S3 bucket.
- D. Create an Amazon EventBridge rule with Amazon EC2 as the event source. Configure the rule to match CloudTrail-delivered events. Configure the rule to target a Lambda function. ✓
Correct Answer: D. Create an Amazon EventBridge rule with Amazon EC2 as the event source. Configure the rule to match CloudTrail-delivered events. Configure the rule to target a Lambda function.
Explanation
Option D is correct because EventBridge can match the `AWS API Call via CloudTrail` events that CloudTrail emits for EC2 management-API calls such as RunInstances and invoke a Lambda function as the rule target. The function reads the creating principal from the event's `userIdentity` block and the new instance IDs from `responseElements`, then calls `ec2:CreateTags` to apply the user ID and cost center ID, which satisfies the requirement to tag resources immediately after creation. The flow is push-based and near-real-time: no polling and no dependence on storage-level events. Two caveats matter in practice: these events are only delivered when a CloudTrail trail with logging enabled exists in the account, and CloudTrail does not deliver read-only calls (Describe*, Get*, List*) to EventBridge, so the rule must match the mutating call. The other options rely on S3 event notifications or an hourly schedule; S3 object-tagging events carry no information about EC2 resource creation, and a scheduled log scan adds up to an hour of delay. AWS documentation for EventBridge lists CloudTrail API calls as a supported event type for exactly this kind of API-driven workflow.
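The rule pattern and Lambda target described above, as an added example that is not part of the original question bank. The tag keys (`Creator`, `CostCenter`), the `COST_CENTERS` mapping, the account number, ARNs and instance IDs are all assumptions; the event shape follows what EventBridge delivers for a CloudTrail RunInstances call, and the handler skips failed launches (which CloudTrail records with an `errorCode` and no `responseElements`) and unrelated event names.

```python
# Added example: EventBridge rule pattern plus the Lambda target that tags EC2
# instances from a CloudTrail RunInstances event. Tag keys, the cost-center
# mapping and all IDs below are assumptions, not from the original question.

# Rule pattern for option D. Only mutating EC2 management calls are delivered
# this way, and only when a CloudTrail trail with logging enabled exists.
EVENT_PATTERN = {
    "source": ["aws.ec2"],
    "detail-type": ["AWS API Call via CloudTrail"],
    "detail": {
        "eventSource": ["ec2.amazonaws.com"],
        "eventName": ["RunInstances"],
    },
}

# Assumed creator -> cost-center registry; a real deployment would read this
# from IAM principal tags or a central inventory rather than a literal dict.
COST_CENTERS = {"alice": "CC-1234", "DevRole": "CC-5678"}


def creator_from_identity(user_identity):
    """Derive a stable creator name from CloudTrail's userIdentity block.

    IAM users carry userName directly. Assumed-role sessions (the usual case
    with SSO or cross-account access) carry a per-session ARN, so the role
    name from sessionContext.sessionIssuer is the stable identifier.
    """
    if user_identity.get("type") == "AssumedRole":
        issuer = user_identity.get("sessionContext", {}).get("sessionIssuer", {})
        return issuer.get("userName") or user_identity.get("arn", "unknown")
    return user_identity.get("userName") or user_identity.get("arn", "unknown")


def instance_ids_from_detail(detail):
    """Collect the new instance IDs from RunInstances responseElements."""
    items = detail.get("responseElements", {}).get("instancesSet", {}).get("items", [])
    return [item["instanceId"] for item in items if "instanceId" in item]


def build_tag_request(event):
    """Turn an EventBridge CloudTrail event into CreateTags kwargs, or None to skip."""
    detail = event.get("detail", {})
    if event.get("detail-type") != "AWS API Call via CloudTrail":
        return None
    if detail.get("eventName") != "RunInstances":
        return None
    if "errorCode" in detail:  # failed launch: CloudTrail logs it, nothing was created
        return None
    ids = instance_ids_from_detail(detail)
    if not ids:
        return None
    creator = creator_from_identity(detail.get("userIdentity", {}))
    return {
        "Resources": ids,
        "Tags": [
            {"Key": "Creator", "Value": creator},
            {"Key": "CostCenter", "Value": COST_CENTERS.get(creator, "unassigned")},
        ],
    }


class RecordingEc2Client:
    """Stand-in for boto3's EC2 client so the example runs offline."""

    def __init__(self):
        self.calls = []

    def create_tags(self, **kwargs):
        self.calls.append(kwargs)
        return {}


def lambda_handler(event, context=None, ec2_client=None):
    """Lambda entry point; ec2_client is injectable for offline testing."""
    request = build_tag_request(event)
    if request is None:
        return {"tagged": []}
    if ec2_client is None:
        import boto3  # lazy import so the module loads without boto3 installed
        ec2_client = boto3.client("ec2", region_name=event.get("region"))
    ec2_client.create_tags(**request)
    return {"tagged": request["Resources"]}


# Constructed sample: the shape of a RunInstances event as EventBridge delivers
# it (account, ARNs and instance IDs are made up).
SAMPLE_EVENT = {
    "detail-type": "AWS API Call via CloudTrail",
    "source": "aws.ec2",
    "account": "123456789012",
    "region": "us-east-1",
    "detail": {
        "eventSource": "ec2.amazonaws.com",
        "eventName": "RunInstances",
        "userIdentity": {"type": "IAMUser", "userName": "alice",
                         "arn": "arn:aws:iam::123456789012:user/alice"},
        "responseElements": {"instancesSet": {"items": [
            {"instanceId": "i-0123456789abcdef0"},
            {"instanceId": "i-0fedcba9876543210"},
        ]}},
    },
}

if __name__ == "__main__":
    client = RecordingEc2Client()
    print(lambda_handler(SAMPLE_EVENT, ec2_client=client), client.calls)
```

The Lambda execution role needs only `ec2:CreateTags`; scoping it with an `aws:RequestTag` or `ec2:CreateAction` condition keeps the function from becoming a general-purpose tag editor if its code or trigger is ever abused.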