
Answer-first summary for fast verification
Answer: Create an Amazon EventBridge rule that matches an AWS Config evaluation result of NON_COMPLIANT for the restricted-ssh rule. Configure an input transformer for the EventBridge rule. Configure the EventBridge rule to publish a notification to the SNS topic.
The correct answer is A. The Amazon EventBridge rule matches only AWS Config evaluation results of NON_COMPLIANT for the restricted-ssh rule. An input transformer on the rule extracts the relevant information (e.g., the name and ID of the non-compliant security group), and the rule publishes the customized notification to the Amazon SNS topic. Notifications therefore carry the required details and are delivered in real time, as soon as a compliance issue is identified.
Author: LeetQuiz Editorial Team
A company is using a single AWS account for testing applications on Amazon EC2 instances. They have enabled AWS Config within this account and have set up the restricted-ssh managed rule to ensure security group compliance. The company requires an automated monitoring system that can deliver a real-time, customized notification whenever a security group fails to comply with the restricted-ssh rule. This notification must include the name and ID of the non-compliant security group. To facilitate this, a DevOps engineer has already created an Amazon Simple Notification Service (Amazon SNS) topic and subscribed relevant personnel. What additional steps should the DevOps engineer take to implement this automated monitoring and notification system?
A. Create an Amazon EventBridge rule that matches an AWS Config evaluation result of NON_COMPLIANT for the restricted-ssh rule. Configure an input transformer for the EventBridge rule. Configure the EventBridge rule to publish a notification to the SNS topic.
B. Configure AWS Config to send all evaluation results for the restricted-ssh rule to the SNS topic. Configure a filter policy on the SNS topic to send only notifications that contain the text of NON_COMPLIANT in the notification to subscribers.
C. Create an Amazon EventBridge rule that matches an AWS Config evaluation result of NON_COMPLIANT for the restricted-ssh rule. Configure the EventBridge rule to invoke AWS Systems Manager Run Command on the SNS topic to customize a notification and to publish the notification to the SNS topic.
D. Create an Amazon EventBridge rule that matches all AWS Config evaluation results of NON_COMPLIANT. Configure an input transformer for the restricted-ssh rule. Configure the EventBridge rule to publish a notification to the SNS topic.
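The rule and input transformer from option A, as an added example that is not part of the original page: it holds the event pattern and transformer as data and checks them offline against constructed events. The function names, the message wording and the sample values are assumptions; the transformer maps only fields known to be in the Config Rules Compliance Change event (resource ID, rule name, region), because the page does not give a JSON path for the group name.

```python
import json
import re

# Event pattern for option A: only NON_COMPLIANT results of the restricted-ssh rule.
EVENT_PATTERN = {
    "source": ["aws.config"],
    "detail-type": ["Config Rules Compliance Change"],
    "detail": {
        "configRuleName": ["restricted-ssh"],
        "newEvaluationResult": {"complianceType": ["NON_COMPLIANT"]},
    },
}
# Input transformer: JSON paths into the event, plus the template sent to SNS.
INPUT_PATHS = {"rule": "$.detail.configRuleName",
               "sg_id": "$.detail.resourceId",
               "region": "$.detail.awsRegion"}
INPUT_TEMPLATE = '"Security group <sg_id> in <region> is NON_COMPLIANT with <rule>."'

def matches(pattern, event):
    """Exact-value subset of EventBridge matching (hypothetical helper):
    each leaf lists allowed values, nested dicts descend into the event."""
    for key, want in pattern.items():
        have = event.get(key)
        if isinstance(want, dict):
            if not (isinstance(have, dict) and matches(want, have)):
                return False
        elif have not in want:
            return False
    return True

def render(event):
    """Resolve each simple $.a.b path, then fill the <name> placeholders."""
    values = {}
    for name, path in INPUT_PATHS.items():
        node = event
        for part in path[2:].split("."):
            node = node[part]
        values[name] = str(node)
    filled = re.sub(r"<(\w+)>", lambda m: values[m.group(1)], INPUT_TEMPLATE)
    return json.loads(filled)  # the template is a JSON string literal

def sample_event(rule, compliance):
    """Constructed event shaped like a Config Rules Compliance Change event."""
    return {
        "source": "aws.config",
        "detail-type": "Config Rules Compliance Change",
        "detail": {"configRuleName": rule, "awsRegion": "us-east-1",
                   "resourceType": "AWS::EC2::SecurityGroup",
                   "resourceId": "sg-0123456789abcdef0",  # constructed ID
                   "newEvaluationResult": {"complianceType": compliance}},
    }
```

A NON_COMPLIANT event from any other Config rule fails this pattern, which is the difference from option D's match on all NON_COMPLIANT results.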