DVA-C02: How to Collect EC2 Lifecycle Events from Multiple AWS Accounts with Amazon SQS

Learn how to implement an application that collects all the lifecycle events of Amazon EC2 instances running in multiple AWS accounts. Discover how to use Amazon Simple Queue Service (Amazon SQS) to store the lifecycle events in a single queue for further processing.

Question

A company is running Amazon EC2 instances in multiple AWS accounts. A developer needs to implement an application that collects all the lifecycle events of the EC2 instances. The application needs to store the lifecycle events in a single Amazon Simple Queue Service (Amazon SQS) queue in the company’s main AWS account for further processing.

Which solution will meet these requirements?

A. Configure Amazon EC2 to deliver the EC2 instance lifecycle events from all accounts to the Amazon EventBridge event bus of the main account. Add an EventBridge rule to the event bus of the main account that matches all EC2 instance lifecycle events. Add the SQS queue as a target of the rule.

B. Use the resource policies of the SQS queue in the main account to give each account permissions to write to that SQS queue. Add to the Amazon EventBridge event bus of each account an EventBridge rule that matches all EC2 instance lifecycle events. Add the SQS queue in the main account as a target of the rule.

C. Write an AWS Lambda function that scans through all EC2 instances in the company accounts to detect EC2 instance lifecycle changes. Configure the Lambda function to write a notification message to the SQS queue in the main account if the function detects an EC2 instance lifecycle change. Add an Amazon EventBridge scheduled rule that invokes the Lambda function every minute.

D. Configure the permissions on the main account event bus to receive events from all accounts. Create an Amazon EventBridge rule in each account to send all the EC2 instance lifecycle events to the main account event bus. Add an EventBridge rule to the main account event bus that matches all EC2 instance lifecycle events. Set the SQS queue as a target for the rule.

Answer

B. Use the resource policies of the SQS queue in the main account to give each account permissions to write to that SQS queue. Add to the Amazon EventBridge event bus of each account an EventBridge rule that matches all EC2 instance lifecycle events. Add the SQS queue in the main account as a target of the rule.

Explanation

The correct answer is B. Use the resource policies of the SQS queue in the main account to give each account permissions to write to that SQS queue. Add to the Amazon EventBridge event bus of each account an EventBridge rule that matches all EC2 instance lifecycle events. Add the SQS queue in the main account as a target of the rule.

Here is a detailed explanation:

  • Option A is not a valid solution because it does not specify how to configure Amazon EC2 to deliver the EC2 instance lifecycle events from all accounts to the Amazon EventBridge event bus of the main account. Amazon EC2 does not have a built-in feature to send events to another account’s event bus. To achieve this, each account needs to create an EventBridge rule that targets the main account’s event bus, and the main account needs to grant permissions to receive events from other accounts.
  • Option B is the best solution because it meets all the requirements. By using the resource policies of the SQS queue in the main account, each account can be given permissions to write messages to that queue. By creating an EventBridge rule in each account that matches all EC2 instance lifecycle events, these events can be sent to the SQS queue in the main account as a target. This way, the application can collect all the lifecycle events of the EC2 instances in a single SQS queue for further processing.
  • Option C is not a valid solution because it is inefficient and unreliable. Writing a Lambda function that scans through all EC2 instances in the company accounts to detect EC2 instance lifecycle changes is a costly and time-consuming operation that may not capture all the events accurately. Moreover, invoking the Lambda function every minute with an EventBridge scheduled rule may incur unnecessary charges and may miss some events that occur between invocations.
  • Option D is not a valid solution because it does not specify how to configure the permissions on the main account event bus to receive events from all accounts. To achieve this, the main account needs to attach a resource-based policy to its event bus that allows cross-account access from other accounts.

Therefore, option B is the best solution that meets these requirements.
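The two artifacts option B depends on are the event pattern for the rule in each member account and the resource policy on the main-account queue. The following is an added example (not from the page or from AWS documentation) that builds both; account IDs, region, queue name and rule name are constructed placeholders. The queue policy names the EventBridge service as principal (EventBridge delivers the message, not the member account's IAM identities) and scopes it with aws:SourceArn to the specific member-account rules, so no other rule or account can write to the queue.

```python
import json

# Constructed placeholder values (not from the page): main account, member accounts,
# region, queue name and the name given to the rule in every member account.
MAIN_ACCOUNT = "111111111111"
MEMBER_ACCOUNTS = ["222222222222", "333333333333"]
REGION = "us-east-1"
QUEUE_ARN = f"arn:aws:sqs:{REGION}:{MAIN_ACCOUNT}:ec2-lifecycle-events"
RULE_NAME = "ec2-lifecycle-to-main-sqs"


def ec2_lifecycle_event_pattern() -> dict:
    """Event pattern for the EventBridge rule created in each member account.
    EC2 emits lifecycle changes as 'EC2 Instance State-change Notification' events."""
    return {
        "source": ["aws.ec2"],
        "detail-type": ["EC2 Instance State-change Notification"],
    }


def sqs_cross_account_policy(queue_arn: str, member_accounts: list, rule_name: str) -> dict:
    """Resource policy attached to the main-account queue. Principal is the EventBridge
    service; aws:SourceArn restricts delivery to the named rule in each member account
    (least privilege: a rule with another name, or in another account, is refused)."""
    rule_arns = [f"arn:aws:events:{REGION}:{acct}:rule/{rule_name}" for acct in member_accounts]
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "AllowEventBridgeFromMemberAccountRules",
            "Effect": "Allow",
            "Principal": {"Service": "events.amazonaws.com"},
            "Action": "sqs:SendMessage",
            "Resource": queue_arn,
            "Condition": {"ArnEquals": {"aws:SourceArn": rule_arns}},
        }],
    }


def matches(pattern: dict, event: dict) -> bool:
    """Minimal EventBridge-style matcher for top-level keys: every key in the pattern
    must exist in the event and its value must be one of the pattern's allowed values."""
    return all(event.get(key) in allowed for key, allowed in pattern.items())


# Constructed sample event in the shape EC2 publishes to EventBridge.
SAMPLE_EVENT = {
    "source": "aws.ec2",
    "detail-type": "EC2 Instance State-change Notification",
    "account": "222222222222",
    "detail": {"instance-id": "i-0123456789abcdef0", "state": "terminated"},
}

if __name__ == "__main__":
    print(json.dumps(sqs_cross_account_policy(QUEUE_ARN, MEMBER_ACCOUNTS, RULE_NAME), indent=2))
    print("sample event matches:", matches(ec2_lifecycle_event_pattern(), SAMPLE_EVENT))
```

If the queue uses SSE-KMS with a customer managed key, the key policy must also allow events.amazonaws.com to use the key, otherwise deliveries fail silently from the rule's point of view and show up only in the rule's failed-invocation metrics.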
