Q97 — AWS DOP-C02 Ch.3
A security team requires that any manually logged-in Amazon EC2 instance must be terminated within 24 hours. All applications in the security account run in Auto Scaling groups configured with the Amazon CloudWatch Logs agent.
- A. Create a CloudWatch Logs subscription to an AWS Step Functions application. Configure the function to tag the EC2 instance that generated the login event and mark it for termination. Then create a CloudWatch Events rule to trigger a second AWS Lambda function once daily to terminate all instances with this tag.
- B. Create a CloudWatch alarm triggered by login events. Send notifications to an Amazon SNS topic subscribed to by the operations team, and ask them to terminate the EC2 instance within 24 hours.
- C. Create a CloudWatch alarm triggered by login events. Configure the alarm to send notifications to an Amazon SQS queue. Use a fleet of worker instances to process messages from the queue and then schedule an Amazon CloudWatch Events rule trigger.
- D. Create a CloudWatch Logs subscription to an AWS Lambda function. Configure the function to tag the EC2 instance that generated the login event and mark it for termination. Create a CloudWatch Events rule to trigger a daily Lambda function that terminates all instances with this tag. ✓
Correct Answer: D. Create a CloudWatch Logs subscription to an AWS Lambda function. Configure the function to tag the EC2 instance that generated the login event and mark it for termination. Create a CloudWatch Events rule to trigger a daily Lambda function that terminates all instances with this tag.
Explanation
Option D is the most appropriate automated solution. A CloudWatch Logs subscription directly invokes a Lambda function upon detection of a login event, enabling immediate tagging of the associated EC2 instance. A scheduled CloudWatch Events rule then triggers a daily Lambda function to terminate all instances bearing that tag—providing a simple, reliable, serverless, and scalable enforcement of the 24-hour termination requirement. Option A overcomplicates the flow with Step Functions. Option B depends on manual action, failing the automation requirement. Option C introduces unnecessary infrastructure (worker instances, SQS) and latency, reducing efficiency and increasing maintenance burden compared to the direct Lambda + Events approach.
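The two Lambda functions behind option D, written out as an added example (this is not code from the exam page or from AWS). The tag key, the log-line pattern, the assumption that the CloudWatch Logs agent names each log stream after the instance id, and the `FakeEC2` stand-in for `boto3.client("ec2")` are all assumptions made here so the code runs offline; the handlers take the EC2 client as a parameter so the real deployment can pass a boto3 client instead.

```python
"""Option D as code: a subscription-filter Lambda that tags the instance behind a
login event, and a daily scheduled Lambda that terminates every tagged instance.
Added example; tag name, log format, stream naming and FakeEC2 are assumptions."""
import base64
import gzip
import json
import re

TAG_KEY = "scheduled-for-termination"   # assumed tag name
TAG_VALUE = "manual-login"

# Assumed login line as shipped by the agent from the host's auth log (sshd style).
LOGIN_RE = re.compile(r"Accepted (publickey|password) for (\S+) from (\S+)")


def decode_subscription_event(event):
    """CloudWatch Logs delivers subscription data as base64-encoded gzip JSON
    under event["awslogs"]["data"]; return the decoded payload dict."""
    raw = base64.b64decode(event["awslogs"]["data"])
    return json.loads(gzip.decompress(raw).decode("utf-8"))


def instance_id_from_stream(log_stream):
    """Assumes the agent puts the instance id in the log stream name."""
    m = re.search(r"i-[0-9a-f]{8,17}", log_stream)
    return m.group(0) if m else None


def tag_on_login_handler(event, ec2):
    """Subscription-filter target: tag the instance that produced a login event.
    A real Lambda handler would wrap this with ec2 = boto3.client("ec2")."""
    payload = decode_subscription_event(event)
    instance_id = instance_id_from_stream(payload["logStream"])
    tagged = []
    for entry in payload["logEvents"]:
        if instance_id and LOGIN_RE.search(entry["message"]):
            ec2.create_tags(Resources=[instance_id],
                            Tags=[{"Key": TAG_KEY, "Value": TAG_VALUE}])
            tagged.append(instance_id)
            break  # one tag per instance is enough
    return tagged


def terminate_tagged_handler(event, ec2):
    """Daily scheduled target: terminate every instance carrying the tag."""
    resp = ec2.describe_instances(Filters=[
        {"Name": f"tag:{TAG_KEY}", "Values": [TAG_VALUE]},
        {"Name": "instance-state-name", "Values": ["running", "stopped"]}])
    ids = [i["InstanceId"] for r in resp["Reservations"] for i in r["Instances"]]
    if ids:
        ec2.terminate_instances(InstanceIds=ids)
    return ids


class FakeEC2:
    """Minimal in-memory stand-in for the boto3 EC2 client (offline assumption)."""
    def __init__(self, instance_ids):
        self.tags = {i: {} for i in instance_ids}
        self.terminated = []

    def create_tags(self, Resources, Tags):
        for r in Resources:
            self.tags[r].update({t["Key"]: t["Value"] for t in Tags})

    def describe_instances(self, Filters):
        wanted = {f["Name"]: set(f["Values"]) for f in Filters}
        key = next(n for n in wanted if n.startswith("tag:"))[4:]
        hits = [i for i, t in self.tags.items()
                if t.get(key) in wanted[f"tag:{key}"] and i not in self.terminated]
        return {"Reservations": [{"Instances": [{"InstanceId": i} for i in hits]}]}

    def terminate_instances(self, InstanceIds):
        self.terminated.extend(InstanceIds)


def make_subscription_event(log_stream, messages):
    """Build a CloudWatch Logs subscription event from constructed log lines."""
    payload = {"messageType": "DATA_MESSAGE", "logGroup": "/var/log/secure",
               "logStream": log_stream,
               "logEvents": [{"id": str(n), "timestamp": 0, "message": m}
                             for n, m in enumerate(messages)]}
    data = base64.b64encode(gzip.compress(json.dumps(payload).encode())).decode()
    return {"awslogs": {"data": data}}


def run_demo():
    """Constructed scenario: one instance sees an SSH login, the other only noise."""
    ec2 = FakeEC2(["i-0a1b2c3d4e5f67890", "i-0ffffffffffffffff"])
    login = make_subscription_event("i-0a1b2c3d4e5f67890",
        ["Accepted publickey for ec2-user from 203.0.113.10 port 51234 ssh2"])
    noise = make_subscription_event("i-0ffffffffffffffff",
        ["Started Session 42 of user root.", "pam_unix(cron:session): session opened"])
    tagged = tag_on_login_handler(login, ec2) + tag_on_login_handler(noise, ec2)
    terminated = terminate_tagged_handler({}, ec2)
    return tagged, terminated


if __name__ == "__main__":
    print(run_demo())
```

Because the instances run in Auto Scaling groups, the terminated instance is replaced by the group automatically, and an instance tagged just after the daily run is removed at the next run, which keeps the worst case inside the 24-hour window the question sets.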