AWS Certified DevOps Engineer – Professional — Question 160
A company hosts a multi-tenant application on Amazon EC2 instances behind an Application Load Balancer. The instances run Windows Server and are in an Auto Scaling group. The application uses a license file on the instances that can be updated on the instances without customer disruption. When a new customer purchases access to the application, the company's licensing team adds a new license key to a file in an Amazon S3 bucket. After the license file is updated, the operations team manually updates the EC2 instances.
A DevOps engineer needs to automate the EC2 instance file update process. The automated process must decrease the time for EC2 instances to get the updated license file and must notify the operations team about success or failure of the update process.
The DevOps engineer creates a resource group in AWS Resource Groups. The resource group uses a tag that the Auto Scaling group applies to the EC2 instances.
What should the DevOps engineer do next to meet the requirements MOST cost-effectively?
Answer options
- A. Create an S3 event notification to invoke an AWS Lambda function when the license file is updated in the S3 bucket. Configure the Lambda function to invoke AWS Systems Manager Run Command to run the AWS-RunRemoteScript document to download the updated license file. Specify the command from Lambda to run on the application's resource group with 50% concurrency. Configure Amazon Simple Email Service (Amazon SES) notifications for event notifications of SUCCESS and FAILED to send email notifications to the operations team.
- B. Create an S3 event notification to invoke an AWS Lambda function when the license file is updated in the S3 bucket. Configure the Lambda function to invoke AWS Systems Manager Run Command to run the AWS-RunPowerShellScript document to download the updated license file. Specify the command from Lambda to run on the application's resource group with 50% concurrency. Configure an Amazon Simple Notification Service (Amazon SNS) topic to send event notifications of SUCCESS and FAILED. Subscribe the email addresses of the operations team members to the SNS topic.
- C. Create an Amazon EventBridge scheduled rule that runs each hour to invoke an AWS Lambda function. Configure the Lambda function to invoke AWS Systems Manager Run Command to run the AWS-RunPowerShellScript document to download the updated license file. Specify the command from Lambda to run on the application's resource group with 50% concurrency. Configure an Amazon Simple Notification Service (Amazon SNS) topic to send event notifications of SUCCESS and FAILED. Subscribe the email addresses of the operations team members to the SNS topic.
- D. Create an Amazon EventBridge scheduled rule that runs each hour to invoke an AWS Lambda function. Configure the Lambda function to invoke AWS Systems Manager Run Command to run the AWS-RunRemoteScript document to download the updated license file. Specify the command from Lambda to run on the application's resource group with 50% concurrency. Configure Amazon Simple Email Service (Amazon SES) notifications for event notifications of SUCCESS and FAILED to send email notifications to the operations team.
Correct answer: B
Explanation
Option B is correct because it uses an S3 event notification to invoke a Lambda function as soon as the license file changes, and the function runs a PowerShell script through AWS Systems Manager Run Command (the AWS-RunPowerShellScript document), which is appropriate for Windows instances. It also uses Amazon SNS to notify the operations team of successes and failures, making it a cost-effective and timely solution. The other options either use SES instead of SNS or rely on hourly scheduled rules, which do not meet the requirement for immediate updates when the license file changes.