Q97 — AWS DOP-C02 Ch.3


A security team requires that any manually logged-in Amazon EC2 instance must be terminated within 24 hours. All applications in the security account run in Auto Scaling groups configured with the Amazon CloudWatch Logs agent.

Correct Answer: D. Create a CloudWatch Logs subscription to an AWS Lambda function. Configure the function to tag the EC2 instance that generated the login event and mark it for termination. Create a CloudWatch Events rule to trigger a daily Lambda function that terminates all instances with this tag.

Explanation

Option D is the most appropriate automated solution. A CloudWatch Logs subscription filter on the log group that receives the instances' auth logs invokes a Lambda function as soon as a login line arrives, so the offending instance can be tagged immediately; the function identifies the instance from the log stream name (the CloudWatch Logs agent is normally configured to name each stream after the instance ID) and marks it with a termination tag. A scheduled CloudWatch Events rule (now Amazon EventBridge Scheduler/rules) then runs a second Lambda function once a day that terminates every instance carrying that tag, so a tagged instance lives at most until the next daily run and the 24-hour requirement is met without any servers to operate. Because the instances belong to Auto Scaling groups, terminating them is safe: the group launches clean replacements. Two things to get right in practice: the subscription filter pattern must match the actual login line (for example the "Accepted" line sshd writes), and the functions' execution roles need only ec2:CreateTags, ec2:DescribeInstances and ec2:TerminateInstances, with the terminate permission conditioned on the tag so a bug cannot take out untagged fleet members. Option A overcomplicates the flow with Step Functions. Option B depends on manual action, failing the automation requirement. Option C introduces unnecessary infrastructure (worker instances, SQS) and latency, reducing efficiency and increasing maintenance burden compared to the direct Lambda + Events approach.
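The two functions that option D describes, as an added example written for this page (it is not code from the exam or from AWS). The tag name, the assumption that the log stream is named after the instance ID, and the sample sshd lines are all constructed here; the handlers accept an injected EC2 client so the parsing can be exercised offline and only import boto3 when run inside Lambda.

```python
import base64
import gzip
import json
import re
from datetime import datetime, timezone

TAG_KEY = "ManualLoginDetected"  # assumed tag name; the question does not specify one
INSTANCE_ID_RE = re.compile(r"i-[0-9a-f]{8,17}")
# Successful sshd login as written to /var/log/secure or auth.log.
LOGIN_RE = re.compile(
    r"sshd\[\d+\]: Accepted (?P<method>\S+) for (?P<user>\S+) from (?P<src>[\d.]+)"
)


def decode_subscription_event(event):
    """CloudWatch Logs delivers a subscription batch as base64-encoded, gzipped JSON."""
    raw = base64.b64decode(event["awslogs"]["data"])
    return json.loads(gzip.decompress(raw).decode("utf-8"))


def extract_logins(payload):
    """Return (instance_id, user, source_ip) for every successful login in the batch.

    Assumes the CloudWatch Logs agent names the stream with the instance ID ({instance_id}).
    The subscription filter should already restrict delivery to "Accepted" lines, but the
    message is re-checked rather than trusted, so a loose filter cannot tag the wrong host.
    """
    match = INSTANCE_ID_RE.search(payload.get("logStream", ""))
    if match is None:
        return []  # stream name carries no instance ID, so there is nothing to tag
    instance_id = match.group(0)
    logins = []
    for log_event in payload.get("logEvents", []):
        m = LOGIN_RE.search(log_event.get("message", ""))
        if m:
            logins.append((instance_id, m.group("user"), m.group("src")))
    return logins


def tag_handler(event, context=None, ec2=None):
    """Lambda 1 (subscription target): tag the instance that produced the login line."""
    logins = extract_logins(decode_subscription_event(event))
    if not logins:
        return {"tagged": []}
    if ec2 is None:
        import boto3  # imported lazily so the parsing above runs without AWS credentials
        ec2 = boto3.client("ec2")
    instance_ids = sorted({iid for iid, _, _ in logins})
    ec2.create_tags(
        Resources=instance_ids,
        Tags=[{"Key": TAG_KEY, "Value": datetime.now(timezone.utc).isoformat()}],
    )
    return {"tagged": instance_ids}


def tagged_instance_ids(describe_pages):
    """Collect instance IDs from describe_instances response pages (an iterable of dicts)."""
    ids = []
    for page in describe_pages:
        for reservation in page.get("Reservations", []):
            for inst in reservation.get("Instances", []):
                ids.append(inst["InstanceId"])
    return ids


def terminate_handler(event=None, context=None, ec2=None):
    """Lambda 2 (daily scheduled rule target): terminate every instance still carrying the tag.

    Terminating an Auto Scaling group member directly is intended here: the group replaces it.
    """
    if ec2 is None:
        import boto3
        ec2 = boto3.client("ec2")
    pages = ec2.get_paginator("describe_instances").paginate(
        Filters=[
            {"Name": "tag-key", "Values": [TAG_KEY]},
            {"Name": "instance-state-name", "Values": ["pending", "running", "stopping", "stopped"]},
        ]
    )
    ids = tagged_instance_ids(pages)
    if ids:
        ec2.terminate_instances(InstanceIds=ids)
    return {"terminated": ids}


def make_subscription_event(log_stream, messages):
    """Build a constructed CloudWatch Logs subscription event for local testing (sample data)."""
    payload = {
        "messageType": "DATA_MESSAGE",
        "owner": "123456789012",
        "logGroup": "/var/log/secure",
        "logStream": log_stream,
        "subscriptionFilters": ["manual-login"],
        "logEvents": [{"id": str(i), "timestamp": 0, "message": m} for i, m in enumerate(messages)],
    }
    data = base64.b64encode(gzip.compress(json.dumps(payload).encode("utf-8"))).decode("ascii")
    return {"awslogs": {"data": data}}


if __name__ == "__main__":
    sample = make_subscription_event("i-0abc123def4567890", [
        "Dec  1 10:00:01 ip-10-0-1-5 sshd[1234]: Accepted publickey for ec2-user from 203.0.113.7 port 51234 ssh2",
        "Dec  1 10:00:02 ip-10-0-1-5 sshd[1234]: pam_unix(sshd:session): session opened for user ec2-user",
    ])
    print(extract_logins(decode_subscription_event(sample)))
```

Deploy `tag_handler` as the subscription target with a filter pattern such as `"Accepted"` on the auth log group, and `terminate_handler` as the target of a `rate(1 day)` scheduled rule; the terminate role should carry a `aws:ResourceTag/ManualLoginDetected` condition on `ec2:TerminateInstances` so the daily function can only ever remove instances the first function tagged.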