AWS Certified SysOps Administrator – Associate — Question 341
A company is transitioning away from applications that are hosted on Amazon EC2 instances. The company wants to implement a serverless architecture that uses Amazon S3, Amazon API Gateway, AWS Lambda, and Amazon CloudFront. As part of this transition, the company has Elastic IP addresses that are unassociated with any EC2 instances after the EC2 instances are terminated.
A SysOps administrator needs to automate the process of releasing all unassociated Elastic IP addresses that remain after the EC2 instances are terminated.
Which solution will meet this requirement in the MOST operationally efficient way?
Answer options
- A. Activate the eip-attached AWS Config managed rule to run automatically when resource changes occur in the AWS account. Configure automatic remediation for the rule. Specify the AWS-ReleaseElasticIP AWS Systems Manager Automation runbook for remediation. Specify an appropriate role that has permission for the remediation.
- B. Create a custom Lambda function that calls the EC2 ReleaseAddress API operation and specifies the Elastic IP address AllocationId. Invoke the Lambda function by using an Amazon EventBridge rule. Specify AWS services as the event source, All Events as the event type, and AWS Trusted Advisor as the target.
- C. Create an Amazon EventBridge rule. Specify AWS services as the event source, Instance State-change Notification as the event type, and Amazon EC2 as the service. Invoke a Lambda function that extracts the Elastic IP address from the notification. Use AWS CloudFormation to release the address by specifying the AllocationId as an input parameter.
- D. Create a custom Lambda function that calls the EC2 ReleaseAddress API operation and specifies the Elastic IP address AllocationId. Invoke the Lambda function by using an Amazon EventBridge rule. Specify AWS services as the event source, Instance State-change Notification as the event type, and Amazon EC2 as the service.
Correct answer: A
Explanation
Option A is the most operationally efficient choice because it uses the native AWS Config managed rule eip-attached together with the prebuilt AWS Systems Manager Automation runbook AWS-ReleaseElasticIP to remediate unassociated Elastic IP addresses automatically, without writing any custom code. Options B, C, and D all require writing, testing, and maintaining custom AWS Lambda functions, which adds development and operational overhead. In addition, using CloudFormation (option C) or Trusted Advisor (option B) for this kind of event-driven cleanup is overly complex and architecturally incorrect.
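The following CloudFormation template is an added example of how option A is wired up; it is not part of the original question or of any AWS-published sample. It assumes an AWS Config configuration recorder is already active in the account and Region and records the AWS::EC2::EIP resource type, and the AutomationRoleArn parameter is a placeholder for a role the reader must create (trusted by ssm.amazonaws.com, allowed ec2:ReleaseAddress and ec2:DescribeAddresses).

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: >-
  Added example: AWS Config managed rule eip-attached with automatic
  remediation through the AWS-ReleaseElasticIP Automation runbook.
  Assumes an active Config recorder that records AWS::EC2::EIP.

Parameters:
  AutomationRoleArn:
    Type: String
    Description: >-
      Placeholder: ARN of the IAM role that Systems Manager Automation
      assumes to release the address (needs ec2:ReleaseAddress).

Resources:
  # Change-triggered managed rule: every Elastic IP that is not associated
  # with an EC2 instance or network interface is evaluated as NON_COMPLIANT.
  UnattachedEipRule:
    Type: AWS::Config::ConfigRule
    Properties:
      ConfigRuleName: eip-attached
      Source:
        Owner: AWS
        SourceIdentifier: EIP_ATTACHED
      Scope:
        ComplianceResourceTypes:
          - AWS::EC2::EIP

  # Automatic remediation: for each NON_COMPLIANT EIP, Config starts the
  # AWS-ReleaseElasticIP runbook, passing the EIP's allocation ID.
  ReleaseUnattachedEip:
    Type: AWS::Config::RemediationConfiguration
    Properties:
      ConfigRuleName: !Ref UnattachedEipRule
      TargetType: SSM_DOCUMENT
      TargetId: AWS-ReleaseElasticIP
      Automatic: true
      MaximumAutomaticAttempts: 3   # give up after three tries per resource
      RetryAttemptSeconds: 60       # wait a minute between tries
      Parameters:
        # For a VPC Elastic IP, the Config resource ID is the allocation ID
        # (eipalloc-...), which is exactly what the runbook expects.
        AllocationId:
          ResourceValue:
            Value: RESOURCE_ID
        AutomationAssumeRole:
          StaticValue:
            Values:
              - !Ref AutomationRoleArn
```

Because remediation is automatic, any unassociated Elastic IP in the Region is released, including addresses that were deliberately reserved (for example, an address still referenced in DNS); before enabling it, review the rule's current NON_COMPLIANT list in the Config console, and keep the Automation role limited to ec2:ReleaseAddress and ec2:DescribeAddresses so a compromised or misconfigured remediation cannot do more than release addresses.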