DOP-C02: How to Tag EC2 Resources Using CloudTrail and EventBridge

Learn how to use CloudTrail and EventBridge to tag EC2 resources with the user ID and the cost center ID.

Question

A company has multiple development teams in different business units that work in a shared single AWS account. All Amazon EC2 resources that are created in the account must include tags that specify who created the resources. The tagging must occur within the first hour of resource creation.
A DevOps engineer needs to add tags to the created resources that include the user ID that created the resource and the cost center ID. The DevOps engineer configures an AWS Lambda function with the cost center mappings to tag the resources. The DevOps engineer also sets up AWS CloudTrail in the AWS account. An Amazon S3 bucket stores the CloudTrail event logs. Which solution will meet the tagging requirements?

A. Create an Amazon EventBridge rule that uses Amazon EC2 as the event source. Configure the rule to match events delivered by CloudTrail. Configure the rule to target the Lambda function.
B. Enable server access logging on the S3 bucket. Create an S3 event notification on the S3 bucket for s3.ObjectTagging.* events.
C. Create a recurring hourly Amazon EventBridge scheduled rule that invokes the Lambda function. Modify the Lambda function to read the logs from the S3 bucket.
D. Create an S3 event notification on the S3 bucket to invoke the Lambda function for s3.ObjectTagging:Put events. Enable bucket versioning on the S3 bucket.

Answer

A. Create an Amazon EventBridge rule that uses Amazon EC2 as the event source. Configure the rule to match events delivered by CloudTrail. Configure the rule to target the Lambda function.

Explanation

The correct answer is A. Create an Amazon EventBridge rule that uses Amazon EC2 as the event source. Configure the rule to match events delivered by CloudTrail. Configure the rule to target the Lambda function.

This is because EventBridge connects your AWS resources with various sources of events, such as CloudTrail, EC2, S3, and others. CloudTrail delivers management API calls (for example, a RunInstances call that creates an instance) to EventBridge as events of type "AWS API Call via CloudTrail", and you can create rules that match specific events and trigger actions, such as invoking a Lambda function.

In this case, the Lambda function receives the CloudTrail record as the event detail and can use it to tag the EC2 resources with the user ID and the cost center ID: the userIdentity element identifies who made the call, and the response elements identify the resources that were created. This solution meets the tagging requirements because the rule fires as soon as the event is delivered, so the resources are tagged well within the first hour of creation, and it uses the CloudTrail event data to identify the user ID without reading logs from S3.

The other options are not correct because:

  • B. Enable server access logging on the S3 bucket. Create an S3 event notification on the S3 bucket for s3.ObjectTagging.* events: This solution is not correct because server access logging on the S3 bucket only records the requests made to the bucket, not the CloudTrail events. Also, the s3.ObjectTagging.* events are related to the tagging of S3 objects, not EC2 resources.
  • C. Create a recurring hourly Amazon EventBridge scheduled rule that invokes the Lambda function. Modify the Lambda function to read the logs from the S3 bucket: This solution is not correct because it does not guarantee that the tagging will occur within the first hour of resource creation. It also adds unnecessary complexity to the Lambda function, which has to read the logs from the S3 bucket instead of receiving the event data directly.
  • D. Create an S3 event notification on the S3 bucket to invoke the Lambda function for s3.ObjectTagging:Put events. Enable bucket versioning on the S3 bucket: This solution is not correct because it does not use the CloudTrail events to identify the user ID. It also does not tag the EC2 resources, but the S3 objects that store the CloudTrail logs. Bucket versioning is irrelevant for this scenario.
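The following is an added example to illustrate option A; it is not code from the original page. It shows the EventBridge event pattern that matches EC2 RunInstances calls delivered by CloudTrail and a Lambda handler that attributes the new instances to the caller and tags them. The cost-center mapping, the tag keys CreatedBy and CostCenter, the sample event and the FakeEC2 client are constructed assumptions so that the example runs offline; inside Lambda the real boto3 client is used.

```python
# Added example, not code from the original page. It shows the EventBridge event
# pattern that matches EC2 RunInstances calls delivered by CloudTrail, and a Lambda
# handler that attributes the new instances to the caller and tags them.
# Assumptions (not from the page): the cost-center mapping, the tag keys
# CreatedBy/CostCenter, the sample event and the FakeEC2 client are constructed.

# Event pattern for the EventBridge rule (option A). The field names are the ones
# EventBridge uses for CloudTrail-delivered management events.
EVENT_PATTERN = {
    "source": ["aws.ec2"],
    "detail-type": ["AWS API Call via CloudTrail"],
    "detail": {
        "eventSource": ["ec2.amazonaws.com"],
        "eventName": ["RunInstances"],
    },
}

# Constructed mapping of caller IDs to cost centers (placeholder values).
COST_CENTER_BY_USER = {"alice": "CC-1001", "DeployRole/ci-runner": "CC-2002"}


def matches_pattern(event, pattern=EVENT_PATTERN):
    """Minimal EventBridge exact-match semantics: every key in the pattern must be
    present in the event; a list means 'value is one of these'; a dict recurses."""
    for key, expected in pattern.items():
        if key not in event:
            return False
        if isinstance(expected, dict):
            if not isinstance(event[key], dict) or not matches_pattern(event[key], expected):
                return False
        elif event[key] not in expected:
            return False
    return True


def caller_id(detail):
    """Who made the call, derived from the CloudTrail userIdentity block."""
    ident = detail.get("userIdentity", {})
    if ident.get("type") == "IAMUser":
        return ident["userName"]
    if ident.get("type") == "AssumedRole":
        # arn:aws:sts::<account>:assumed-role/<RoleName>/<SessionName>
        return ident["arn"].split(":assumed-role/", 1)[1]
    return ident.get("arn") or ident.get("principalId") or "unknown"


def instance_ids(detail):
    """Instance IDs from the RunInstances responseElements (empty if the call failed)."""
    resp = detail.get("responseElements") or {}
    items = resp.get("instancesSet", {}).get("items", [])
    return [i["instanceId"] for i in items]


def build_tags(detail):
    """Tags to apply: the creator and the cost center looked up from the mapping."""
    user = caller_id(detail)
    return [
        {"Key": "CreatedBy", "Value": user},
        {"Key": "CostCenter", "Value": COST_CENTER_BY_USER.get(user, "UNMAPPED")},
    ]


def lambda_handler(event, context=None, ec2=None):
    """Entry point invoked by the EventBridge rule target."""
    if not matches_pattern(event):
        return {"tagged": [], "skipped": "event does not match pattern"}
    detail = event["detail"]
    if detail.get("errorCode"):  # a denied or failed RunInstances creates nothing
        return {"tagged": [], "skipped": f"RunInstances failed: {detail['errorCode']}"}
    ids = instance_ids(detail)
    if not ids:
        return {"tagged": [], "skipped": "no instances in responseElements"}
    tags = build_tags(detail)
    if ec2 is None:
        import boto3  # only needed when running inside Lambda
        ec2 = boto3.client("ec2")
    ec2.create_tags(Resources=ids, Tags=tags)
    return {"tagged": ids, "tags": tags}


class FakeEC2:
    """Stand-in for boto3's EC2 client so the example runs offline."""
    def __init__(self):
        self.calls = []

    def create_tags(self, **kwargs):
        self.calls.append(kwargs)
        return {}


# Constructed sample event, shaped like a CloudTrail RunInstances record delivered
# through EventBridge (only the fields the handler reads are filled in).
SAMPLE_EVENT = {
    "source": "aws.ec2",
    "detail-type": "AWS API Call via CloudTrail",
    "detail": {
        "eventSource": "ec2.amazonaws.com",
        "eventName": "RunInstances",
        "userIdentity": {"type": "IAMUser", "userName": "alice"},
        "responseElements": {"instancesSet": {"items": [{"instanceId": "i-0123456789abcdef0"}]}},
    },
}

if __name__ == "__main__":
    client = FakeEC2()
    print(lambda_handler(SAMPLE_EVENT, ec2=client))
```

Two practical points when deploying this: EventBridge rules and CloudTrail-delivered events are regional, so the rule (and the Lambda target) must exist in every region where instances can be launched, and the Lambda execution role needs only ec2:CreateTags on the instances it tags, which keeps the tagging path from becoming a route to broader EC2 permissions.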
