
A company's developers use Amazon EC2 instances as remote workstations. The company has identified a security concern: users can create or modify EC2 security groups to allow unrestricted inbound access. To address this, a DevOps engineer has been tasked with developing a solution that detects the creation of unrestricted security group rules in near real time, automatically removes those rules, and then sends email notifications to the security team. The engineer has already created an AWS Lambda function that accepts security group IDs as input, removes rules that grant unrestricted access, and sends notifications through Amazon Simple Notification Service (Amazon SNS). What additional steps should the DevOps engineer take to implement this solution effectively?
A
Configure the Lambda function to be invoked by the SNS topic. Create an AWS CloudTrail subscription for the SNS topic. Configure a subscription filter for security group modification events.
B
Create an Amazon EventBridge scheduled rule to invoke the Lambda function. Define a schedule pattern that runs the Lambda function every hour.
C
Create an Amazon EventBridge event rule that has the default event bus as the source. Define the rule’s event pattern to match EC2 security group creation and modification events. Configure the rule to invoke the Lambda function.
D
Create an Amazon EventBridge custom event bus that subscribes to events from all AWS services. Configure the Lambda function to be invoked by the custom event bus.