Q65 — AWS SAA-C03 Ch.3
Q195. A company wants to manage Amazon Machine Images (AMIs). The company currently copies AMIs to the same AWS Region where the AMIs were created. The company needs to design an application that captures AWS API calls and sends alerts whenever the Amazon EC2 CreateImage API operation is called within the company's account. Which solution will meet these requirements with the LEAST operational overhead?
- A. Create an AWS Lambda function to query AWS CloudTrail logs and to send an alert when a CreateImage API call is detected.
- B. Configure AWS CloudTrail with an Amazon Simple Notification Service (Amazon SNS) notification that occurs when updated logs are sent to Amazon S3. Use Amazon Athena to create a new table and to query on CreateImage when an API call is detected.
- C. Create an Amazon EventBridge (Amazon CloudWatch Events) rule for the CreateImage API call. Configure the target as an Amazon Simple Notification Service (Amazon SNS) topic to send an alert when a CreateImage API call is detected. ✓
- D. Configure an Amazon Simple Queue Service (Amazon SQS) FIFO queue as a target for AWS CloudTrail logs. Create an AWS Lambda function to send an alert to an Amazon Simple Notification Service (Amazon SNS) topic when a CreateImage API call is detected.
Correct Answer: C. Create an Amazon EventBridge (Amazon CloudWatch Events) rule for the CreateImage API call. Configure the target as an Amazon Simple Notification Service (Amazon SNS) topic to send an alert when a CreateImage API call is detected.
Explanation
Option A suggests creating an AWS Lambda function to query AWS CloudTrail logs and send an alert when a CreateImage API call is detected. While this approach can work, it may require more configuration management compared to using Amazon EventBridge.

Option B suggests configuring AWS CloudTrail with an Amazon SNS notification that occurs when updated logs are sent to Amazon S3 and using Amazon Athena to create a new table and query on CreateImage when an API call is detected. While this approach can work and provides flexibility in querying logs, it may require more operational overhead and complexity compared to using Amazon EventBridge.

Option D suggests configuring an Amazon Simple Queue Service (Amazon SQS) FIFO queue as a target for AWS CloudTrail logs and creating an AWS Lambda function to send an alert to an Amazon SNS topic when a CreateImage API call is detected. While this approach can work, it requires setting up additional infrastructure and may not be necessary if Amazon EventBridge can handle the requirements.

By creating an Amazon EventBridge rule for the CreateImage API call and configuring the target as an Amazon SNS topic, the company can detect any CreateImage API calls made within their account and send an alert through Amazon SNS. This solution minimizes operational overhead since Amazon EventBridge can easily handle the event detection, routing, and dispatching tasks, without requiring significant infrastructure or configuration management.