Q96 — AWS DOP-C02 Ch.3
A security team requires that any Amazon EC2 instance that has been manually logged in to must be terminated within 24 hours. All applications in the security account run in Auto Scaling groups, and every instance is configured with the Amazon CloudWatch Logs agent, so the instances' authentication logs are already shipped to CloudWatch Logs. Which solution meets these requirements?
- A. Create a CloudWatch Logs subscription to an AWS Step Functions application. Configure an AWS Lambda function to tag the EC2 instance that generated the login event and mark it for termination. Create an Amazon EventBridge rule to invoke a second Lambda function daily to terminate all instances with this tag.
- B. Create an Amazon CloudWatch alarm triggered by login events. Send notifications to an Amazon Simple Notification Service (Amazon SNS) topic subscribed to by the operations team, and ask them to terminate the EC2 instance within 24 hours.
- C. Create an Amazon CloudWatch alarm triggered by login events. Configure the alarm to send notifications to an Amazon Simple Queue Service (Amazon SQS) queue. Use a fleet of worker instances to process messages from the queue and then schedule an Amazon EventBridge rule invocation.
- D. Create a CloudWatch Logs subscription to an AWS Lambda function. Configure the function to tag the EC2 instance that generated the login event and mark it for termination. Create an Amazon EventBridge rule to invoke a daily Lambda function that terminates all instances with this tag. ✓
Correct Answer: D. Create a CloudWatch Logs subscription to an AWS Lambda function. Configure the function to tag the EC2 instance that generated the login event and mark it for termination. Create an Amazon EventBridge rule to invoke a daily Lambda function that terminates all instances with this tag.
Explanation
Option D provides the most effective automation. The CloudWatch Logs agent is already shipping the instances' auth logs, so a subscription filter (for example, a pattern matching the sshd "Accepted" line) invokes a Lambda function on every login event; the function reads the instance ID from the log stream name and tags that instance for termination. A second Lambda function, invoked once a day by an EventBridge schedule, terminates every instance carrying the tag. Because an instance tagged after run n is terminated at run n+1, the wait never exceeds 24 hours, and the Auto Scaling group replaces the terminated instance with a clean one. The whole path is serverless and event-driven, with no manual step. In practice, give the tagging function only ec2:CreateTags, and scope the terminating function's ec2:TerminateInstances permission to instances carrying the tag (an aws:ResourceTag condition) so a bug cannot terminate the wrong fleet. Option A fails on a technical point as well as on complexity: a CloudWatch Logs subscription filter can deliver to Lambda, Kinesis Data Streams or Kinesis Data Firehose, not directly to Step Functions, and the state machine adds nothing the single Lambda function does not already do. Option B relies on the operations team acting within 24 hours, which is manual intervention rather than enforcement. Option C is also wrong on the details: a CloudWatch alarm evaluates a metric, so login events would first need a metric filter, and an alarm action cannot target an SQS queue; even granting that, a fleet of polling worker instances adds operational overhead and cost compared with the direct Lambda and EventBridge approach.
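The two Lambda functions behind option D, written out as an added example (this is not code from the exam page or from AWS). The subscription-payload decoding, login detection and instance selection are plain Python; the EC2 client is injected so the example runs offline against an in-memory stand-in, and boto3 is imported only when a real client is needed. The tag key, the sshd line pattern, the batch size, and the assumption that the CloudWatch agent names each log stream after the instance ID are all assumptions that should be adapted to the actual environment; the sample subscription event is constructed.

```python
import base64
import gzip
import json
import re
from datetime import datetime, timezone

TAG_KEY = "security:manual-login"   # assumed tag key; any unique key works

# Assumed sshd line that marks an opened interactive session; adapt to your
# auth log format (or to SSM Session Manager events if that is the login path).
LOGIN_RE = re.compile(r"sshd\[\d+\]: Accepted (?:publickey|password) for \S+ from \S+")
# Assumption: the CloudWatch agent uses the instance ID as the log stream name.
INSTANCE_RE = re.compile(r"\bi-[0-9a-f]{8,17}\b")


def decode_subscription_event(event):
    """CloudWatch Logs hands a subscription target base64(gzip(JSON))."""
    raw = base64.b64decode(event["awslogs"]["data"])
    payload = json.loads(gzip.decompress(raw).decode("utf-8"))
    # The first delivery after a filter is created is a CONTROL_MESSAGE; skip it.
    return payload if payload.get("messageType") == "DATA_MESSAGE" else None


def login_instance_ids(payload):
    """Instance IDs (taken from the stream name) whose events include a login."""
    if payload is None:
        return set()
    stream_ids = set(INSTANCE_RE.findall(payload.get("logStream", "")))
    hit = any(LOGIN_RE.search(ev.get("message", "")) for ev in payload.get("logEvents", []))
    return stream_ids if hit else set()


def tagger_handler(event, context=None, ec2=None, now=None):
    """Lambda 1 (subscription-filter target): tag the instance that produced the login.
    Tagging is idempotent, so repeated logins on one instance are harmless."""
    ec2 = ec2 or _boto_ec2()
    now = now or datetime.now(timezone.utc)
    ids = sorted(login_instance_ids(decode_subscription_event(event)))
    if ids:
        ec2.create_tags(Resources=ids,
                        Tags=[{"Key": TAG_KEY, "Value": now.isoformat()}])
    return ids


def tagged_instance_ids(ec2):
    """All non-terminated instances carrying the tag, following NextToken pages."""
    kwargs = {"Filters": [{"Name": "tag-key", "Values": [TAG_KEY]},
                          {"Name": "instance-state-name",
                           "Values": ["pending", "running", "stopping", "stopped"]}]}
    ids = []
    while True:
        page = ec2.describe_instances(**kwargs)
        for res in page.get("Reservations", []):
            ids.extend(i["InstanceId"] for i in res.get("Instances", []))
        if not page.get("NextToken"):
            return ids
        kwargs["NextToken"] = page["NextToken"]


def sweeper_handler(event=None, context=None, ec2=None):
    """Lambda 2 (daily EventBridge schedule): terminate every tagged instance.
    A daily run bounds the wait at 24 h; the Auto Scaling group replaces them."""
    ec2 = ec2 or _boto_ec2()
    ids = tagged_instance_ids(ec2)
    for start in range(0, len(ids), 50):        # assumed batch size, keeps calls modest
        ec2.terminate_instances(InstanceIds=ids[start:start + 50])
    return ids


def _boto_ec2():
    import boto3                                # only needed inside the real Lambda
    return boto3.client("ec2")


def make_subscription_event(log_stream, messages, log_group="/var/log/secure",
                            message_type="DATA_MESSAGE"):
    """Build a CloudWatch Logs subscription payload (constructed test input)."""
    payload = {"messageType": message_type, "owner": "123456789012",
               "logGroup": log_group, "logStream": log_stream,
               "subscriptionFilters": ["manual-login"],
               "logEvents": [{"id": str(i), "timestamp": 1700000000000 + i,
                              "message": m} for i, m in enumerate(messages)]}
    data = base64.b64encode(gzip.compress(json.dumps(payload).encode())).decode()
    return {"awslogs": {"data": data}}


class FakeEC2:
    """In-memory stand-in for boto3's EC2 client so the example runs offline."""
    def __init__(self):
        self.tags, self.terminated = {}, []

    def create_tags(self, Resources, Tags):
        for r in Resources:
            self.tags.setdefault(r, {}).update({t["Key"]: t["Value"] for t in Tags})

    def describe_instances(self, Filters, NextToken=None):
        wanted = next(f["Values"] for f in Filters if f["Name"] == "tag-key")
        live = [i for i, t in self.tags.items()
                if any(k in t for k in wanted) and i not in self.terminated]
        return {"Reservations": [{"Instances": [{"InstanceId": i} for i in live]}]}

    def terminate_instances(self, InstanceIds):
        self.terminated.extend(InstanceIds)
```

In the real deployment, `tagger_handler` is the subscription filter's target and `sweeper_handler` is the target of a daily EventBridge schedule; each gets its own execution role, with the sweeper's `ec2:TerminateInstances` restricted by an `aws:ResourceTag` condition on `TAG_KEY` so it can never reach untagged instances.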