AWS Certified Database – Specialty — Question 320

A company requires near-real-time notifications when changes are made to Amazon RDS DB security groups.
Which solution will meet this requirement with the LEAST operational overhead?

Answer options

• A. Configure an RDS event notification subscription for DB security group events.
• B. Create an AWS Lambda function that monitors DB security group changes. Create an Amazon Simple Notification Service (Amazon SNS) topic for notification.
• C. Turn on AWS CloudTrail. Configure notifications for the detection of changes to DB security groups.
• D. Configure an Amazon CloudWatch alarm for RDS metrics about changes to DB security groups.

Correct answer: A

Explanation

Amazon RDS event notifications natively support DB security group events and can send near-real-time alerts via Amazon SNS with minimal configuration. Using AWS Lambda or AWS CloudTrail requires writing custom code or parsing logs, which increases operational overhead. CloudWatch metrics do not natively track security group configuration changes, making a metric-based alarm ineffective for this specific requirement.