Q71 — AWS DVA-C02 Ch.1

A company wants to use AWS CloudFormation templates to deploy all cloud resources. A developer must create an Amazon Simple Notification Service (Amazon SNS) notification to enforce this policy. The developer creates an SNS topic and subscribes the company’s security team’s corporate email address to it. The security team must receive immediate notifications when IAM roles are created without using CloudFormation. Which solution satisfies this requirement?

Correct Answer: D. Create an Amazon EventBridge rule to filter CloudTrail events and specify the SNS topic as the target of the EventBridge rule.

Explanation

Option D directly fulfills the requirement: an Amazon EventBridge rule can natively ingest CloudTrail events in near real time, apply filtering logic (e.g., eventName = CreateRole AND userIdentity.type != CloudFormation), and deliver matching events to the SNS topic—ensuring immediate, serverless, and scalable notifications without polling or custom infrastructure.