Question #1225
A company wants to monitor EC2 instance launches in their AWS account. They need an application that detects whenever the Amazon EC2 RunInstances API operation is invoked and immediately sends an alert. Which solution meets these requirements with the LEAST operational overhead?
A. Create an AWS Lambda function to analyze AWS CloudTrail logs and trigger an Amazon Simple Notification Service (Amazon SNS) alert when a RunInstances API call is identified.
B. Configure AWS CloudTrail to send logs to Amazon S3 and enable an Amazon Simple Notification Service (Amazon SNS) notification for new log deliveries. Use Amazon Athena to query the logs for RunInstances API activity and trigger alerts.
C. Create an Amazon EventBridge (Amazon CloudWatch Events) rule to detect RunInstances API calls. Configure the rule to send alerts via an Amazon Simple Notification Service (Amazon SNS) topic when the event occurs.
D. Set up an Amazon Simple Queue Service (Amazon SQS) queue as a target for AWS CloudTrail logs. Develop an AWS Lambda function to process the logs and publish alerts to an Amazon SNS topic upon detecting RunInstances API calls.
Explanation
Answer C is correct because Amazon EventBridge (formerly CloudWatch Events) receives management API calls from AWS CloudTrail as events with the detail-type "AWS API Call via CloudTrail" and can match them in near real time. An EventBridge rule whose pattern matches source "aws.ec2" and eventName "RunInstances" can target an SNS topic directly, so no additional infrastructure (Lambda functions, S3 log storage, or Athena queries) is needed. Two practical checks: CloudTrail must be recording management events in the Region (EventBridge sources these events from CloudTrail and does not deliver read-only calls such as Describe*, List* or Get*), and the SNS topic's access policy must allow the events.amazonaws.com service principal to publish to it, or the rule will match but the alert will never be sent. This approach avoids log-processing delays and minimizes operational complexity.
Other options are incorrect because:
- A: Lambda-based log analysis introduces delays and requires code maintenance.
- B: Athena queries on S3 logs are not real-time and add steps (log delivery, query execution).
- D: CloudTrail does not deliver logs to SQS directly (it delivers to S3 and CloudWatch Logs), so this design also needs S3 event notifications in between; SQS plus Lambda processing adds unnecessary components compared to EventBridge's direct event handling.
Key Points:
1. EventBridge provides near-real-time detection of mutating AWS API operations via CloudTrail; read-only API calls are not delivered as events.
2. Direct integration with SNS minimizes components and operational effort, provided the topic policy lets EventBridge publish.
3. Avoid solutions requiring log storage, custom code, or batch processing when the requirement is an immediate alert.
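To make the rule in option C concrete, the following is an added example (not part of the original question or of any AWS sample) that simulates the rule offline: it defines the event pattern the rule would be created with, a minimal matcher that applies the subset of EventBridge pattern semantics the rule relies on, and an alert formatter standing in for an SNS input transformer. The two sample events are constructed to look like EventBridge's CloudTrail envelope; the account ID, IP address, user ARN and instance ID are placeholders, and the CLI command in the comment is the one you would use to load the pattern.

```python
"""Added example: the EventBridge rule from option C, simulated offline.
Sample events are constructed, not real CloudTrail output."""
import json

# Pattern for `aws events put-rule --name ec2-run-instances \
#   --event-pattern file://pattern.json`. The detail-type is the fixed string
# under which EventBridge exposes CloudTrail management events.
RUN_INSTANCES_PATTERN = {
    "source": ["aws.ec2"],
    "detail-type": ["AWS API Call via CloudTrail"],
    "detail": {
        "eventSource": ["ec2.amazonaws.com"],
        "eventName": ["RunInstances"],
    },
}


def matches(pattern, event):
    """Minimal EventBridge pattern matcher.

    Implements the subset this rule needs: every key in the pattern must be
    present in the event; a list in the pattern matches when the event's
    scalar value equals one of its members; a nested dict recurses. Keys the
    pattern does not mention are ignored, as EventBridge does. Content
    filters such as {"prefix": ...} are deliberately not implemented.
    """
    for key, expected in pattern.items():
        if key not in event:
            return False
        actual = event[key]
        if isinstance(expected, dict):
            if not isinstance(actual, dict) or not matches(expected, actual):
                return False
        elif isinstance(expected, list):
            if actual not in expected:
                return False
        else:
            raise ValueError(f"pattern value for {key!r} must be a list or dict")
    return True


def alert_message(event):
    """Stand-in for the SNS input transformer: pull out who launched what,
    from where, and return the notification text."""
    d = event["detail"]
    who = d.get("userIdentity", {}).get("arn", "unknown principal")
    items = d.get("responseElements", {}).get("instancesSet", {}).get("items", [])
    instances = [item["instanceId"] for item in items]
    return (
        f"{d['eventName']} by {who} from {d.get('sourceIPAddress', '?')} "
        f"in {d['awsRegion']} at {d['eventTime']}: "
        f"{', '.join(instances) or 'no instance IDs in response'}"
    )


def evaluate(events, pattern=RUN_INSTANCES_PATTERN):
    """Run the rule over a batch of events; return the alerts it would send."""
    return [alert_message(e) for e in events if matches(pattern, e)]


def _cloudtrail_event(event_name, **detail_extra):
    """Constructed EventBridge envelope around a CloudTrail record.
    Account, ARN, IP and instance IDs are placeholders, not real values."""
    detail = {
        "eventVersion": "1.08",
        "userIdentity": {"type": "IAMUser",
                         "arn": "arn:aws:iam::111122223333:user/alice"},
        "eventTime": "2024-05-01T10:15:00Z",
        "eventSource": "ec2.amazonaws.com",
        "eventName": event_name,
        "awsRegion": "us-east-1",
        "sourceIPAddress": "203.0.113.10",
    }
    detail.update(detail_extra)
    return {
        "version": "0",
        "detail-type": "AWS API Call via CloudTrail",
        "source": "aws.ec2",
        "account": "111122223333",
        "region": "us-east-1",
        "detail": detail,
    }


SAMPLE_EVENTS = [
    _cloudtrail_event(
        "RunInstances",
        responseElements={"instancesSet": {"items": [
            {"instanceId": "i-0abc123def4567890"}]}},
    ),
    # Same source and detail-type, different eventName: must not alert.
    _cloudtrail_event("TerminateInstances"),
]

if __name__ == "__main__":
    print(json.dumps(RUN_INSTANCES_PATTERN, indent=2))
    for line in evaluate(SAMPLE_EVENTS):
        print(line)
```

The matcher keys on `eventName` rather than on anything in `requestParameters`, which is why the TerminateInstances event, identical in every other field, is dropped. When deploying the real rule, keep the pattern this narrow; a pattern on `source` alone would forward every mutating EC2 call to the topic.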
Answer
The correct answer is: C