Q: 9
A production account has a requirement that any Amazon EC2 instance that has been logged in to
manually must be terminated within 24 hours. All applications in the production account are using
Auto Scaling groups with the Amazon CloudWatch Logs agent configured.
How can this process be automated?
Options
Discussion
D, official guide and practice exams cover this automation flow.
D, since this is the only option that fully automates the required workflow with tagging on manual login and scheduled termination, no humans needed. The CloudWatch Logs subscription to Lambda makes it seamless. One minor edge case: if you had very specific retention/audit or approval requirements, A could be considered, but for pure automation D fits best. Correct me if I missed something.
D
Pretty sure B is a distractor since it depends on ops team action. D automates tagging and termination without involving people.
Had something like this in a mock, it's D. Direct CloudWatch Logs to Lambda, auto-tags, then terminates tagged instances daily. Fits the automation requirement exactly, no extra services needed. Pretty confident but open if anyone thinks otherwise.
D imo
Don't think B is right, because that relies too much on manual effort from ops which could easily exceed the 24 hour window. D automates the process end to end using CloudWatch Logs and Lambda, so it's a better fit here. Anyone else see A as a distractor?
B
D, not A, is better here. A uses Step Functions which feels like overkill for just tagging and terminating instances after logins. D goes straight from CloudWatch Logs to Lambda for automation with less complexity. Pretty sure D is how AWS guides recommend it unless extra orchestration is needed.
See this pattern in the official exam guide and labs. D
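The flow the comments above describe (CloudWatch Logs subscription to Lambda, tag on login, scheduled termination of tagged instances), sketched as an added example that is not part of the original thread or any AWS material. It assumes sshd auth lines are shipped by the agent and that each log stream is named after its instance ID; `ManualLoginAt` and `make_event` are hypothetical names, and the event built by `make_event` is constructed sample input.

```python
import base64, gzip, json, re
from datetime import datetime, timezone

# Assumptions: sshd auth lines are shipped by the agent, and each log stream is
# named after its instance ID. TAG_KEY is a hypothetical tag name.
LOGIN_RE = re.compile(r"sshd\[\d+\]: Accepted (?:publickey|password) for \S+")
INSTANCE_RE = re.compile(r"^i-[0-9a-f]{8,17}$")
TAG_KEY = "ManualLoginAt"

def instances_to_tag(event):
    """Decode a CloudWatch Logs subscription event; return {instance_id: first login time}."""
    payload = json.loads(gzip.decompress(base64.b64decode(event["awslogs"]["data"])))
    stream = payload.get("logStream", "")
    if payload.get("messageType") != "DATA_MESSAGE" or not INSTANCE_RE.match(stream):
        return {}  # control messages and unexpected stream names are ignored
    hits = [e["timestamp"] for e in payload["logEvents"] if LOGIN_RE.search(e["message"])]
    iso = lambda ms: datetime.fromtimestamp(ms / 1000, tz=timezone.utc).isoformat()
    return {stream: iso(min(hits))} if hits else {}

def handler(event, context=None, ec2=None):
    """Subscription-filter Lambda: tag the instance whose log stream showed a login."""
    if ec2 is None:
        import boto3  # imported lazily so the parsing logic runs offline
        ec2 = boto3.client("ec2")
    found = instances_to_tag(event)
    for instance_id, when in found.items():
        ec2.create_tags(Resources=[instance_id], Tags=[{"Key": TAG_KEY, "Value": when}])
    return sorted(found)

def sweep(ec2):
    """Scheduled Lambda: terminate every instance that carries TAG_KEY."""
    ids, token = [], None
    while True:
        page = ec2.describe_instances(Filters=[{"Name": "tag-key", "Values": [TAG_KEY]}],
                                      **({"NextToken": token} if token else {}))
        ids += [i["InstanceId"] for r in page["Reservations"] for i in r["Instances"]]
        token = page.get("NextToken")
        if not token:
            break
    if ids:
        ec2.terminate_instances(InstanceIds=ids)
    return ids

def make_event(stream, msgs):
    """Build a constructed subscription event (sample input, not real logs)."""
    events = [{"id": str(n), "timestamp": 1700000000000 + n, "message": m} for n, m in enumerate(msgs)]
    payload = {"messageType": "DATA_MESSAGE", "logStream": stream, "logEvents": events}
    blob = base64.b64encode(gzip.compress(json.dumps(payload).encode())).decode()
    return {"awslogs": {"data": blob}}
```

Because the instances sit in Auto Scaling groups, the group launches a replacement after each termination, so the sweep does not reduce capacity.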