This solution correctly implements the centralized event bus pattern, which is the best practice for aggregating events from multiple AWS accounts. The process involves three key steps:

1. The main (receiving) account applies a resource-based policy to its event bus, granting permission for other specific accounts to send events to it.

2. Each source (sending) account creates an EventBridge rule to capture the desired EC2 lifecycle events and sets the target of that rule to be the event bus in the main account.

3. The main account creates a final rule on its event bus to process these aggregated events and forward them to the SQS queue. This architecture is scalable, manageable, and decouples event producers from the final consumer.

Why Incorrect Options are Wrong

A. This option misrepresents how cross-account event delivery works. EC2 instances publish events to their local account's event bus, not directly to an event bus in another account.

B. While technically possible to target a cross-account SQS queue directly from each source account, this creates tight coupling and is harder to manage. The central event bus pattern (Option D) is superior.

C. This describes an inefficient polling mechanism. An event-driven approach using Amazon EventBridge is the standard, real-time, and more cost-effective method for reacting to AWS service events like EC2 lifecycle changes.

---

References

1. AWS Documentation, Amazon EventBridge User Guide: "Sending and receiving Amazon EventBridge events between AWS accounts". This document explicitly details the recommended pattern. It states, "To send events to another account, you create a rule with the event bus in the other account as a target... The receiving account must grant permission to the sending account to send events to an event bus in the receiving account." This directly supports the steps outlined in option D.

2. AWS Documentation, Amazon EventBridge User Guide: "Tutorial: Route events to a different account". This tutorial provides a step-by-step guide that mirrors the solution in option D: "Step 1: Add permissions to the event bus in the receiving account," "Step 2: Create a rule in the sending account," and "Step 3: Create a rule in the receiving account."

3. AWS Documentation, Amazon EventBridge User Guide: "Amazon EventBridge resource-based policies". This section explains how to configure the permissions on the receiving event bus, which is the first step in option D. It provides policy examples for granting events:PutEvents permissions to other accounts.

4. AWS Documentation, Amazon EventBridge User Guide: "EC2 instance state-change events". This page confirms that EC2 instance state changes generate events that are sent to the default EventBridge event bus, making them available for rules to process.