Exam Question Analysis | Using AWS Lambda to Automatically Terminate EC2 Instances That Were Logged Into Manually


  Question

A production account has a requirement that any Amazon EC2 instance that has been logged into manually must be terminated within 24 hours. All applications in the production account are using Auto Scaling groups with Amazon CloudWatch Logs agent configured.
How can this process be automated?

A. Create a CloudWatch Logs subscription to an AWS Step Functions application. Configure the function to add a tag to the EC2 instance that produced the login event and mark the instance to be decommissioned. Then create a CloudWatch Events rule to trigger a second AWS Lambda function once a day that will terminate all instances with this tag.
B. Create a CloudWatch alarm that will trigger on the login event. Send the notification to an Amazon SNS topic that the operations team is subscribed to, and have them terminate the EC2 instance within 24 hours.
C. Create a CloudWatch alarm that will trigger on the login event. Configure the alarm to send to an Amazon SQS queue. Use a group of worker instances to process messages from the queue, which then schedules the Amazon CloudWatch Events rule to trigger.
D. Create a CloudWatch Logs subscription in an AWS Lambda function. Configure the function to add a tag to the EC2 instance that produced the login event and mark the instance to be decommissioned. Create a CloudWatch Events rule to trigger a daily Lambda function that terminates all instances with this tag.

  Answer

D

  Explanation

Tip: eliminate the obviously wrong options first, then pick the most reasonable one among those that remain.

The question asks for automating the termination, within 24 hours, of any Amazon EC2 instance that has been logged into manually. The solution must detect login events in real time, tag the affected instance, and terminate tagged instances within 24 hours.

A. Incorrect. This option uses AWS Step Functions to manage a sequence of operations, but Step Functions is intended for orchestrating complex, stateful workflows across multiple AWS services and is not the best fit for a simple tag-and-terminate task. In addition, the option relies on a Lambda function that runs once a day to terminate tagged instances; a daily check is not timely enough and does not satisfy the 24-hour requirement.
B. Incorrect. Uses Amazon SNS and CloudWatch Alarms. This option depends on manual action: the SNS notification only alerts the operations team and does not terminate the instance automatically. Because it relies on human intervention, it does not meet the automation requirement.
C. Incorrect. Uses Amazon SQS, CloudWatch Alarms, CloudWatch Events and worker instances. This option introduces an additional message queue (SQS) and a fleet of worker instances to process the messages, which adds complexity to the system. Using worker instances and a CloudWatch Events rule to trigger the termination is not the most direct solution either, and it likewise gives no guarantee of completing within 24 hours.
D. Correct. Uses AWS Lambda and CloudWatch Logs. This option creates a CloudWatch Logs subscription that sends log events to an AWS Lambda function. The Lambda function responds to the login event immediately and adds a specific tag to the EC2 instance that produced it; a CloudWatch Events rule then checks at a fixed interval (for example, hourly) whether any instances carry that tag and triggers a second Lambda function to terminate them. This approach gives the best assurance that an instance is terminated within 24 hours of being logged into.
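Option D written out as the two Lambda handlers, added here as an example and not code from the question or from AWS. It assumes the CloudWatch Logs agent names each log stream after its instance ID and ships /var/log/secure, so a manual SSH login arrives as an sshd "Accepted ..." line; the tag name and the sample events used to exercise it are constructed.

```python
import base64, gzip, json, re
from datetime import datetime, timezone

TAG_KEY = "decommission"  # constructed tag name; the question names none
# Assumption: the agent ships /var/log/secure, so a login is an sshd "Accepted" line
LOGIN_RE = re.compile(r"sshd\[\d+\]: Accepted (?:publickey|password) for (\S+)")

def decode_awslogs(event):
    """Decode the base64+gzip body a CloudWatch Logs subscription delivers."""
    return json.loads(gzip.decompress(base64.b64decode(event["awslogs"]["data"])))

def encode_awslogs(payload):
    """Inverse of decode_awslogs, used to build subscription events locally."""
    data = base64.b64encode(gzip.compress(json.dumps(payload).encode())).decode()
    return {"awslogs": {"data": data}}

def instances_with_logins(event):
    """Map instance ID -> users that logged in, from log events matching LOGIN_RE."""
    payload = decode_awslogs(event)
    instance_id = payload["logStream"]  # assumption: stream is named after the instance ID
    users = [m.group(1) for e in payload["logEvents"]
             if (m := LOGIN_RE.search(e["message"]))]
    return {instance_id: users} if users else {}

def tag_handler(event, context):
    """Lambda 1, target of the subscription filter: tag the instance for decommissioning."""
    import boto3  # imported here so the pure functions above run without it
    ec2 = boto3.client("ec2")
    stamp = datetime.now(timezone.utc).isoformat()
    for instance_id in instances_with_logins(event):
        ec2.create_tags(Resources=[instance_id], Tags=[{"Key": TAG_KEY, "Value": stamp}])

def running_ids(describe_response):
    """Instance IDs from a DescribeInstances response, running instances only."""
    return [i["InstanceId"] for r in describe_response["Reservations"]
            for i in r["Instances"] if i["State"]["Name"] == "running"]

def terminate_handler(event, context):
    """Lambda 2, on a CloudWatch Events schedule: terminate every tagged instance.
    The Auto Scaling group then launches a clean replacement on its own."""
    import boto3
    ec2 = boto3.client("ec2")
    resp = ec2.describe_instances(Filters=[{"Name": "tag-key", "Values": [TAG_KEY]},
                                           {"Name": "instance-state-name", "Values": ["running"]}])
    ids = running_ids(resp)
    if ids:
        ec2.terminate_instances(InstanceIds=ids)
    return ids
```

The decoding and selection logic is kept separate from the boto3 calls so it can be exercised locally with encode_awslogs before the handlers are deployed.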