
A company is using a single AWS account for testing applications on Amazon EC2 instances. They have enabled AWS Config within this account and have set up the restricted-ssh managed rule to ensure security group compliance. The company requires an automated monitoring system that can deliver a real-time, customized notification whenever a security group fails to comply with the restricted-ssh rule. This notification must include the name and ID of the non-compliant security group. To facilitate this, a DevOps engineer has already created an Amazon Simple Notification Service (Amazon SNS) topic and subscribed relevant personnel. What additional steps should the DevOps engineer take to implement this automated monitoring and notification system?
A
Create an Amazon EventBridge rule that matches an AWS Config evaluation result of NON_COMPLIANT for the restricted-ssh rule. Configure an input transformer for the EventBridge rule. Configure the EventBridge rule to publish a notification to the SNS topic.
B
Configure AWS Config to send all evaluation results for the restricted-ssh rule to the SNS topic. Configure a filter policy on the SNS topic to send only notifications that contain the text of NON_COMPLIANT in the notification to subscribers.
C
Create an Amazon EventBridge rule that matches an AWS Config evaluation result of NON_COMPLIANT for the restricted-ssh rule. Configure the EventBridge rule to invoke AWS Systems Manager Run Command on the SNS topic to customize a notification and to publish the notification to the SNS topic.
D
Create an Amazon EventBridge rule that matches all AWS Config evaluation results of NON_COMPLIANT. Configure an input transformer for the restricted-ssh rule. Configure the EventBridge rule to publish a notification to the SNS topic.