AWS Certified SysOps Administrator – Associate — Question 377

A company has internal hybrid applications that have resources in the AWS Cloud and on premises. Users report that the applications sometimes are not available. The company has configured an Amazon CloudWatch alarm to monitor the tunnel status of its AWS Site-to-Site VPN connection.

A SysOps administrator must implement a solution that creates a high-priority ticket in an internal ticketing tool when the VPN tunnel is down.

Which solution will meet this requirement?

Answer options

• A. Create an Amazon Simple Notification Service (Amazon SNS) topic for the CloudWatch alarm. Subscribe the ticketing tool's endpoint to the SNS topic.
• B. Create an Amazon Simple Queue Service (Amazon SQS) queue as the target for the CloudWatch alarm. Configure the queue to transform messages into tickets and to post the tickets to the ticketing tool’s endpoint.
• C. Create an AWS Lambda function. Configure the CloudWatch alarm to directly invoke the Lambda function to create individual tickets in the ticketing tool.
• D. Create an Amazon EventBridge rule that monitors the VPN tunnel directly. Configure the ticketing tool’s endpoint as the target of the rule.

Correct answer: A

Explanation

Option A is correct because Amazon CloudWatch alarms natively integrate with Amazon SNS to send notifications when an alarm state changes, allowing the ticketing system's HTTP/HTTPS endpoint to receive the alert directly as a subscription. Option B is incorrect because SQS queues are pull-based and cannot actively push or transform messages to an external endpoint without a compute resource like Lambda. Option C is incorrect because CloudWatch alarms cannot directly trigger AWS Lambda functions without using SNS or EventBridge as an intermediary, and Option D is incorrect because EventBridge requires API Destinations to send events to custom endpoints, which is not specified.