Q80 — AWS SOA-C02 Ch.1


A company is using AWS Certificate Manager (ACM) to manage public SSL/TLS certificates. A SysOps administrator needs to send an email notification when a certificate has less than 14 days until expiration. Which solution will meet this requirement with the LEAST operational overhead?

Correct Answer: B. Create an Amazon EventBridge rule that has an event source of aws.acm. Configure the rule to evaluate the DaysToExpiry metric for all ACM certificates. Configure the rule to send an event to a target Amazon Simple Notification Service (Amazon SNS) topic if DaysToExpiry is less than 14. Subscribe the appropriate email addresses to the SNS topic.

Explanation

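This question tests how to use AWS services to automate monitoring of, and notification about, SSL/TLS certificate expiration. According to the official AWS documentation, ACM certificate expiration events are sent through Amazon EventBridge and include a `DaysToExpiry` field. Option B uses EventBridge directly to listen on the ACM event source (`aws.acm`) and triggers an SNS notification when that field is less than 14, with no need to configure custom metrics or perform manual steps. The other options either require manual intervention (option C), depend on a custom metric (option A), or use an incorrect target type (option D), all of which add operational complexity. Answer B meets the requirement of minimizing operational overhead.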