AWS Certified Solutions Architect - Associate
Get started today
Ultimate access to all questions.
Deep dive into the quiz with AI chat providers.
We prepare a focused prompt with your quiz and certificate details so each AI can offer a more tailored, in-depth explanation.
A company wants to manage Amazon Machine Images (AMIs). The company currently copies AMIs to the same AWS Region where the AMIs were created. The company needs to design an application that captures AWS API calls and sends alerts whenever the Amazon EC2 CreateImage API operation is called within the company's account.
Which solution will meet these requirements with the LEAST operational overhead?
Other
Community
UAnonymous
A
Create an AWS Lambda function to query AWS CloudTrail logs and to send an alert when a CreateImage API call is detected.
B
Configure AWS CloudTrail with an Amazon Simple Notification Service (Amazon SNS) notification that occurs when updated logs are sent to Amazon S3. Use Amazon Athena to create a new table and to query on CreateImage when an API call is detected.
C
Create an Amazon EventBridge (Amazon CloudWatch Events) rule for the CreateImage API call. Configure the target as an Amazon Simple Notification Service (Amazon SNS) topic to send an alert when a CreateImage API call is detected.
D
Configure an Amazon Simple Queue Service (Amazon SQS) FIFO queue as a target for AWS CloudTrail logs. Create an AWS Lambda function to send an alert to an Amazon Simple Notification Service (Amazon SNS) topic when a CreateImage API call is detected.
Explanation:
Explanation
Correct Answer: C
Amazon EventBridge (formerly CloudWatch Events) provides the most direct and least operationally complex solution for this requirement. Here's why:
Why Option C is Best:
- Direct Integration: EventBridge can directly capture AWS API calls via CloudTrail integration without requiring custom code or complex configurations.
- Real-time Processing: EventBridge processes events in near real-time, providing immediate alerts when CreateImage API calls occur.
- Minimal Operational Overhead: No need to manage Lambda functions, query logs, or set up Athena tables - EventBridge handles the event filtering and routing automatically.
- Simple Configuration: Just create a rule that matches the CreateImage event pattern and route it to an SNS topic for alerting.
Why Other Options are Less Optimal:
Option A: Requires creating and maintaining a Lambda function that queries CloudTrail logs. This adds operational overhead for function deployment, monitoring, and potential log parsing logic.
Option B: Involves multiple services (CloudTrail → S3 → Athena → SNS) and requires setting up Athena tables and queries, which is complex and has higher operational overhead.
Option D: Requires configuring SQS as a CloudTrail target, then creating a Lambda function to process messages - more components to manage than the EventBridge solution.
Key AWS Concepts:
- Amazon EventBridge: Serverless event bus service that receives events from AWS services, SaaS applications, and custom applications.
- CloudTrail Integration: EventBridge can automatically capture AWS API calls logged by CloudTrail.
- Event Patterns: You can create rules with specific event patterns (like
eventName: CreateImage) to filter and route events. - SNS Integration: EventBridge can directly send events to SNS topics for alerting.
This solution aligns with AWS best practices for monitoring API activity with minimal operational complexity.
Comments
Loading comments...