
DVA-C02: How to Collect EC2 Lifecycle Events from Multiple AWS Accounts with Amazon SQS

Learn how to implement an application that collects all the lifecycle events of Amazon EC2 instances running in multiple AWS accounts. Discover how to use Amazon Simple Queue Service (Amazon SQS) to store the lifecycle events in a single queue for further processing.


Question

A company is running Amazon EC2 instances in multiple AWS accounts. A developer needs to implement an application that collects all the lifecycle events of the EC2 instances. The application needs to store the lifecycle events in a single Amazon Simple Queue Service (Amazon SQS) queue in the company’s main AWS account for further processing.

Which solution will meet these requirements?

A. Configure Amazon EC2 to deliver the EC2 instance lifecycle events from all accounts to the Amazon EventBridge event bus of the main account. Add an EventBridge rule to the event bus of the main account that matches all EC2 instance lifecycle events. Add the SQS queue as a target of the rule.

B. Use the resource policies of the SQS queue in the main account to give each account permissions to write to that SQS queue. Add to the Amazon EventBridge event bus of each account an EventBridge rule that matches all EC2 instance lifecycle events. Add the SQS queue in the main account as a target of the rule.

C. Write an AWS Lambda function that scans through all EC2 instances in the company accounts to detect EC2 instance lifecycle changes. Configure the Lambda function to write a notification message to the SQS queue in the main account if the function detects an EC2 instance lifecycle change. Add an Amazon EventBridge scheduled rule that invokes the Lambda function every minute.

D. Configure the permissions on the main account event bus to receive events from all accounts. Create an Amazon EventBridge rule in each account to send all the EC2 instance lifecycle events to the main account event bus. Add an EventBridge rule to the main account event bus that matches all EC2 instance lifecycle events. Set the SQS queue as a target for the rule.

Answer

B. Use the resource policies of the SQS queue in the main account to give each account permissions to write to that SQS queue. Add to the Amazon EventBridge event bus of each account an EventBridge rule that matches all EC2 instance lifecycle events. Add the SQS queue in the main account as a target of the rule.

Explanation

The correct answer is B. Use the resource policies of the SQS queue in the main account to give each account permissions to write to that SQS queue. Add to the Amazon EventBridge event bus of each account an EventBridge rule that matches all EC2 instance lifecycle events. Add the SQS queue in the main account as a target of the rule.

This solution meets the requirements because it collects the EC2 instance lifecycle events from every account into a single SQS queue without any polling or intermediate service. Amazon SQS is a fully managed message queuing service that decouples and scales microservices, distributed systems, and serverless applications. Amazon EventBridge is a serverless event bus that routes events from your own applications, integrated software as a service (SaaS) applications, and AWS services to targets. Amazon EC2 publishes an "EC2 Instance State-change Notification" event (source "aws.ec2") to the default event bus of the account and Region in which the instance runs whenever the instance transitions between states (pending, running, stopping, stopped, shutting-down, terminated).

The developer uses the resource policy of the SQS queue in the main account to let the member accounts deliver to it. A resource policy is a JSON policy document attached to an AWS resource that controls who may act on that resource; for this pattern the principal is the EventBridge service (events.amazonaws.com), the action is sqs:SendMessage, and an aws:SourceArn condition pins each grant to the forwarding rule's ARN in the member account, so the policy does not hand sqs:SendMessage to the whole account or to any other rule. In each member account the developer adds an EventBridge rule to the default event bus whose pattern matches all EC2 instance state-change events, and sets the main-account queue as the rule's target. An EventBridge rule consists of an event pattern that selects events and one or more targets that receive them. Because EC2 events are emitted in the instance's Region and rules are regional, a rule (and a matching policy statement) is needed in every Region where instances run. If the queue is encrypted with a customer-managed AWS KMS key, that key's policy must also allow EventBridge to use it, or deliveries fail silently from the rule's point of view. With this in place, whenever an EC2 instance changes state in any account, the event is sent to the queue for further processing.
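As an added illustration, not code from the original question or from AWS, the following Python script builds the pieces option B needs and checks them offline: the least-privilege queue policy (one statement per member account, scoped by aws:SourceArn to that account's forwarding rule), the EventBridge event pattern for EC2 state changes, and a small matcher that verifies the pattern against sample events. The account IDs, Region, queue name and rule name are assumptions; the two sample events are constructed to the documented shape of EC2 events and are not captured data.

```python
"""Added example: queue policy and event pattern for forwarding EC2 lifecycle events
from member accounts to one SQS queue in the main account (option B).

All identifiers below are assumptions for the example, not values from the page."""
import json

MAIN_ACCOUNT = "999999999999"                       # assumed: company's main account
MEMBER_ACCOUNTS = ["111122223333", "444455556666"]  # assumed: accounts running EC2
REGION = "us-east-1"                                # assumed: Region of the instances
QUEUE_NAME = "ec2-lifecycle-events"                 # assumed queue name (main account)
RULE_NAME = "forward-ec2-lifecycle"                 # assumed rule name (each member account)
QUEUE_ARN = f"arn:aws:sqs:{REGION}:{MAIN_ACCOUNT}:{QUEUE_NAME}"

# Event pattern for the member-account rule. "aws.ec2" and the detail-type string are
# the values EC2 uses for instance state-change events; matching on both excludes
# other EC2 events (e.g. Spot interruption warnings) that share the same source.
EC2_LIFECYCLE_PATTERN = {
    "source": ["aws.ec2"],
    "detail-type": ["EC2 Instance State-change Notification"],
}


def rule_arn(account: str, region: str = REGION) -> str:
    """ARN of the forwarding rule in a member account (default bus, one Region)."""
    return f"arn:aws:events:{region}:{account}:rule/{RULE_NAME}"


def queue_policy(member_accounts: list[str]) -> dict:
    """Resource policy for the main-account queue.

    Principal is the EventBridge service, not the member account, and aws:SourceArn
    restricts each grant to that account's rule, so no other rule or principal in
    the member account can use it (classic confused-deputy protection)."""
    statements = [
        {
            "Sid": f"AllowEventBridgeRuleFrom{acct}",
            "Effect": "Allow",
            "Principal": {"Service": "events.amazonaws.com"},
            "Action": "sqs:SendMessage",
            "Resource": QUEUE_ARN,
            "Condition": {"ArnEquals": {"aws:SourceArn": rule_arn(acct)}},
        }
        for acct in member_accounts
    ]
    return {"Version": "2012-10-17", "Statement": statements}


def policy_is_scoped(policy: dict) -> bool:
    """Reject the common mistakes: a wildcard principal, a wildcard action, or an
    Allow statement with no aws:SourceArn condition."""
    for stmt in policy["Statement"]:
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal")
        if principal == "*" or (isinstance(principal, dict) and principal.get("AWS") == "*"):
            return False
        if stmt.get("Action") in ("*", "sqs:*"):
            return False
        if not stmt.get("Condition", {}).get("ArnEquals", {}).get("aws:SourceArn"):
            return False
    return True


def matches(pattern: dict, event: dict) -> bool:
    """Subset of EventBridge pattern matching sufficient for this rule: every key in
    the pattern must be present in the event; a list of literals matches if the
    event value (or any element of a list-valued field) is one of them; a nested
    dict recurses into the corresponding event field."""
    for key, allowed in pattern.items():
        if key not in event:
            return False
        value = event[key]
        if isinstance(allowed, dict):
            if not isinstance(value, dict) or not matches(allowed, value):
                return False
            continue
        candidates = value if isinstance(value, list) else [value]
        if not any(c in allowed for c in candidates):
            return False
    return True


def lifecycle_transitions(events: list[dict]) -> list[tuple[str, str, str]]:
    """What the consumer of the queue sees: (account, instance-id, new state) for
    every event the member-account rule would have forwarded."""
    return [
        (ev["account"], ev["detail"]["instance-id"], ev["detail"]["state"])
        for ev in events
        if matches(EC2_LIFECYCLE_PATTERN, ev)
    ]


# Constructed sample events (documented EC2 event shape, invented IDs and timestamps).
SAMPLE_EVENTS = [
    {   # instance state change from a member account: must match
        "version": "0",
        "id": "7bf73129-1428-4cd3-a780-95db273d1602",
        "detail-type": "EC2 Instance State-change Notification",
        "source": "aws.ec2",
        "account": "111122223333",
        "time": "2024-05-01T10:00:00Z",
        "region": "us-east-1",
        "resources": ["arn:aws:ec2:us-east-1:111122223333:instance/i-0123456789abcdef0"],
        "detail": {"instance-id": "i-0123456789abcdef0", "state": "running"},
    },
    {   # same source, different event type: must not match
        "version": "0",
        "id": "12bf4b7a-9c1e-4d0f-8e4b-6a2c3d9f1e55",
        "detail-type": "EC2 Spot Instance Interruption Warning",
        "source": "aws.ec2",
        "account": "444455556666",
        "time": "2024-05-01T10:01:00Z",
        "region": "us-east-1",
        "resources": ["arn:aws:ec2:us-east-1:444455556666:instance/i-0fedcba9876543210"],
        "detail": {"instance-id": "i-0fedcba9876543210", "instance-action": "terminate"},
    },
]

if __name__ == "__main__":
    policy = queue_policy(MEMBER_ACCOUNTS)
    print(json.dumps(policy, indent=2))
    print(json.dumps(EC2_LIFECYCLE_PATTERN))
    print("policy scoped:", policy_is_scoped(policy))
    print("forwarded transitions:", lifecycle_transitions(SAMPLE_EVENTS))
```

The printed policy is what goes into the queue's Policy attribute (aws sqs set-queue-attributes) in the main account, and the printed pattern is the --event-pattern for aws events put-rule in each member account, followed by aws events put-targets with the queue ARN. Add one statement per Region in which the member account runs instances, since the rule ARN that appears in aws:SourceArn is regional.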

The other options are not optimal or efficient for the following reasons:

A. Amazon EC2 cannot be configured to deliver events to another account's event bus: it publishes instance state-change events only to the default event bus of the account and Region where the instance runs. Getting those events into the main account requires an EventBridge rule in each source account that forwards them, whether to the main account's queue (as in option B) or to its event bus (as in option D).

C. Polling every EC2 instance in every account from a scheduled Lambda function does not meet the requirements well. It replaces an event-driven feed with a scan that needs cross-account IAM roles, many DescribeInstances calls, state tracking, and error handling per account, adds up to a minute of latency, and can miss transitions that begin and end between two scans, so it is neither complete nor efficient compared to consuming the events EC2 already emits.

D. Granting the member accounts permission to put events on the main account's event bus and forwarding the EC2 lifecycle events there with a rule in each account will work, but it needs more configuration and maintenance than option B for this use case: a resource policy on the central bus, a forwarding rule in every member account, and a second rule on the main bus to deliver to the queue. It also adds an extra hop for every event before it reaches the SQS queue. When the only destination is a single queue, a direct cross-account SQS target (option B) is the simpler design.


AWS Certified Developer - Associate DVA-C02 Exam Questions and Answers