Question #1852
A company is designing an event-driven file processing system. Each uploaded file requires multiple processing steps, such as virus scanning, metadata extraction, and thumbnail generation. An idempotent AWS Lambda function performs each processing step. Each step is independent of the others and requires only a subset of the file event information. The company wants to ensure that each processing step Lambda function has access to only the necessary data and that the system components remain loosely coupled to accommodate future changes. Which solution will meet these requirements?
A. Create an Amazon Simple Queue Service (Amazon SQS) queue for each processing step. Develop a Lambda function to transform the file event data into the required format for each step and publish messages to the corresponding queues. Subscribe each processing step Lambda function to its designated SQS queue.
B. Create an Amazon Simple Notification Service (Amazon SNS) topic. Subscribe all processing step Lambda functions to the topic. Use SNS message filtering to deliver only the relevant data subset to each Lambda function.
C. Create an Amazon EventBridge event bus. Define an event rule for each processing step. Configure an input transformer for each rule to send only the required data to the corresponding target processing step Lambda function.
D. Create a single Amazon Simple Queue Service (Amazon SQS) queue. Implement a Lambda function to subscribe to the queue, transform the file event data, and synchronously invoke all processing step Lambda functions in parallel on separate threads.
Explanation
Option C is correct because Amazon EventBridge enables decoupled event routing with rules and input transformers. Each rule can filter and transform the event payload to include only the subset of data required by the corresponding Lambda function. This ensures each processing step has minimal access to data, adheres to the principle of least privilege, and maintains loose coupling. Future changes (e.g., adding new steps) only require new rules/transformers without modifying existing components.
Other options are incorrect:
- A: Managing separate SQS queues per step adds complexity, and the initial Lambda must handle transformations for all queues, increasing coupling.
- B: SNS filtering relies on message attributes, which may not inherently limit data exposure without careful setup, and lacks payload transformation.
- D: A single SQS queue with synchronous Lambda invocations creates tight coupling and risks exposing unnecessary data.
Key Points: Use EventBridge for decoupled event routing, input transformers to limit data exposure, and rules to isolate processing steps.
Answer
The correct answer is: C