Q96 — AWS DOP-C02 Ch.3


A security team requires that any manually logged-in Amazon EC2 instance must be terminated within 24 hours. All applications in the security account run in Auto Scaling groups configured with the Amazon CloudWatch Logs agent.

Correct Answer: D. Create a CloudWatch Logs subscription to an AWS Lambda function. Configure the function to tag the EC2 instance that generated the login event and mark it for termination. Create an Amazon EventBridge rule to invoke a daily Lambda function that terminates all instances with this tag.

Explanation

Option D provides the most effective automation: a CloudWatch Logs subscription directly triggers a Lambda function when a login event appears in the instance logs, so the relevant EC2 instance is tagged immediately. A daily EventBridge-scheduled Lambda function then terminates every tagged instance, giving reliable, serverless, and scalable enforcement of the 24-hour termination policy. Option A unnecessarily introduces Step Functions complexity. Option B relies on manual intervention, which violates the automation requirement. Option C adds operational overhead with worker instances and SQS polling, reducing efficiency and increasing cost compared with the direct Lambda plus EventBridge approach.