Q: 12
A company's application development team uses Linux-based Amazon EC2 instances as bastion
hosts. Inbound SSH access to the bastion hosts is restricted to specific IP addresses, as defined in the
associated security groups. The company's security team wants to receive a notification if the
security group rules are modified to allow SSH access from any IP address.
What should a DevOps engineer do to meet this requirement?
Options
Discussion
A tbh. Official guide and practice tests cover these EventBridge + CloudTrail scenarios a lot.
A since EventBridge can directly catch CloudTrail events like AuthorizeSecurityGroupIngress when rules change. That'll let you notify via SNS right when SSH is opened to the world. Seen similar Qs before, pretty sure it's A.
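The check discussed in the comments above, as an added example that is not part of the original discussion: a Python filter that a target behind the EventBridge rule (a Lambda function is assumed here) could apply to an `AuthorizeSecurityGroupIngress` event before publishing to SNS. The `requestParameters` layout, the function names and the sample events are assumptions constructed for illustration.

```python
OPEN_CIDRS = {"0.0.0.0/0", "::/0"}
SSH_PORT = 22

def items(container):
    """Assumed CloudTrail shape: lists are wrapped as {"items": [...]}, empty ones as {}."""
    return (container or {}).get("items", [])

def world_open_ssh_rules(event):
    """Return (group_id, cidr) pairs for ingress rules that expose SSH to any address."""
    detail = event.get("detail", {})
    if detail.get("eventName") != "AuthorizeSecurityGroupIngress":
        return []
    if detail.get("errorCode"):  # a denied or failed call changed nothing
        return []
    params = detail.get("requestParameters") or {}
    findings = []
    for perm in items(params.get("ipPermissions")):
        proto = str(perm.get("ipProtocol", "")).lower()
        if proto == "-1":
            covers_ssh = True  # all protocols, all ports
        elif proto in ("tcp", "6"):
            # A range such as 0-65535 exposes port 22 just like 22-22 does.
            covers_ssh = perm.get("fromPort", 0) <= SSH_PORT <= perm.get("toPort", 65535)
        else:
            covers_ssh = False
        if not covers_ssh:
            continue
        cidrs = [r.get("cidrIp") for r in items(perm.get("ipRanges"))]
        cidrs += [r.get("cidrIpv6") for r in items(perm.get("ipv6Ranges"))]
        findings += [(params.get("groupId"), c) for c in cidrs if c in OPEN_CIDRS]
    return findings

def sample_event(proto, lo, hi, v4=(), v6=()):
    """Build a constructed event (not a captured record) in the assumed shape."""
    perm = {"ipProtocol": proto, "fromPort": lo, "toPort": hi,
            "ipRanges": {"items": [{"cidrIp": c} for c in v4]},
            "ipv6Ranges": {"items": [{"cidrIpv6": c} for c in v6]}}
    return {"source": "aws.ec2", "detail-type": "AWS API Call via CloudTrail",
            "detail": {"eventName": "AuthorizeSecurityGroupIngress",
                       "requestParameters": {"groupId": "sg-0example",
                                             "ipPermissions": {"items": [perm]}}}}

if __name__ == "__main__":
    print(world_open_ssh_rules(sample_event("tcp", 22, 22, v4=["0.0.0.0/0"])))
    print(world_open_ssh_rules(sample_event("tcp", 22, 22, v4=["203.0.113.0/24"])))
```

Matching on the port range and on `::/0` catches rules that an exact match on port 22 with `0.0.0.0/0` would miss.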