AWS Certified DevOps Engineer – Professional — Question 181

A company has an application that runs on current-generation Amazon EC2 instances in a VPC. The EC2 instances run Amazon Linux and are launched in an Amazon EC2 Auto Scaling group. The application retrieves data from an Amazon S3 bucket, processes the data, and uploads the processed data to a different S3 bucket.

Recently, the application's performance worsened. A manual investigation identified that outbound network bandwidth utilization was too high for the type of EC2 instance. The company updated the EC2 instances to a larger EC2 instance size.

The company's DevOps team needs to receive notification from an Amazon CloudWatch alarm if the application attempts to use more outbound network bandwidth than is available to the EC2 instances.

Which solution will meet these requirements?

Answer options

• A. Configure EC2 detailed monitoring for the EC2 instances. Create an AWS Lambda function to create a CloudWatch alarm for the bw_out_allowance_exceeded CloudWatch metric for each EC2 instance Configure the alarm to notify the DevOps team.
• B. Configure the unified CloudWatch agent on the EC2 instances to export the bw_out_allowance_exceeded metric to CloudWatch metrics. Create a CloudWatch composite alarm to monitor all bw_out_allowance_exceeded metrics. Configure the alarm to notify the DevOps team.
• C. Configure VPC flow logging to Amazon CloudWatch Logs for the EC2 instances. Create a CloudWatch Logs metric filter to match events in which bandwidth allowance is exceeded. Create a CloudWatch composite alarm to monitor all bw_out_allowance_exceeded metrics. Configure the alarm to notify the DevOps team.
• D. Configure the unified CloudWatch agent on the EC2 instances to export the bw_out_allowance_exceeded metric to CloudWatch metrics. Create an AWS Lambda function to create a CloudWatch alarm for the bw_out_allowance_exceeded CloudWatch metric for each EC2 instance. Configure the alarm to notify the DevOps team.

Correct answer: B

Explanation

Option B is correct because it involves the unified CloudWatch agent exporting the relevant metric directly to CloudWatch, allowing the creation of a composite alarm for effective monitoring of all instances. Option A requires a Lambda function unnecessarily, while Option C relies on VPC flow logs, which may not efficiently track the specific metric. Option D also involves a Lambda function and fails to utilize the composite alarm feature optimally.