Q71 — AWS DVA-C02 Ch.1
A company wants to use AWS CloudFormation templates to deploy all cloud resources. A developer must create an Amazon Simple Notification Service (Amazon SNS) notification to enforce this policy. The developer creates an SNS topic and subscribes the company’s security team’s corporate email address to it. The security team must receive immediate notifications when IAM roles are created without using CloudFormation. Which solution satisfies this requirement?
- A. Create an AWS Lambda function to filter CloudTrail events and publish to the SNS topic if an IAM role is created without CloudFormation. Configure the Lambda function to trigger every 15 minutes using an Amazon EventBridge schedule.
- B. Create an AWS Fargate task in Amazon Elastic Container Service (Amazon ECS) to filter CloudTrail events and publish to the SNS topic if an IAM role is created without CloudFormation. Configure the Fargate task to run every 15 minutes using an Amazon EventBridge schedule.
- C. Launch an Amazon EC2 instance with a script to filter CloudTrail events and publish to the SNS topic if an IAM role is created without CloudFormation. Configure the script to run every 15 minutes via cron on the EC2 instance.
- D. Create an Amazon EventBridge rule to filter CloudTrail events and specify the SNS topic as the target of the EventBridge rule. ✓
Correct Answer: D. Create an Amazon EventBridge rule to filter CloudTrail events and specify the SNS topic as the target of the EventBridge rule.
Explanation
Option D directly fulfills the requirement: an Amazon EventBridge rule can natively ingest CloudTrail events in near real time, apply filtering logic (e.g., eventName = CreateRole AND userIdentity.type != CloudFormation), and deliver matching events to the SNS topic—ensuring immediate, serverless, and scalable notifications without polling or custom infrastructure.