AWS Certified Solutions Architect – Associate (SAA-C02) — Question 681
A company wants to manage Amazon Machine Images (AMIs). The company currently copies AMIs to the same AWS Region where the AMIs were created. The company needs to design an application that captures AWS API calls and sends alerts whenever the Amazon EC2 CreateImage API operation is called within the company's account.
Which solution will meet these requirements with the LEAST operational overhead?
Answer options
- A. Create an AWS Lambda function to query AWS CloudTrail logs and to send an alert when a CreateImage API call is detected.
- B. Configure AWS CloudTrail with an Amazon Simple Notification Service (Amazon SNS) notification that occurs when updated logs are sent to Amazon S3. Use Amazon Athena to create a new table and to query on CreateImage when an API call is detected.
- C. Create an Amazon EventBridge (Amazon CloudWatch Events) rule for the CreateImage API call. Configure the target as an Amazon Simple Notification Service (Amazon SNS) topic to send an alert when a CreateImage API call is detected.
- D. Configure an Amazon Simple Queue Service (Amazon SQS) FIFO queue as a target for AWS CloudTrail logs. Create an AWS Lambda function to send an alert to an Amazon Simple Notification Service (Amazon SNS) topic when a CreateImage API call is detected.
Correct answer: C
Explanation
Amazon EventBridge allows you to create rules that match incoming AWS API events in real time and route them directly to targets like Amazon SNS without writing custom code, ensuring the lowest operational overhead. Options involving AWS Lambda, Amazon SQS, or Amazon Athena introduce unnecessary complexity, custom code development, and increased maintenance. Therefore, utilizing an EventBridge rule to trigger an SNS topic is the most efficient and serverless approach.