Question 33
Domain 5: Incident and Event Response

A company has an application that runs on a fleet of Amazon EC2 instances. The application requires frequent restarts. The application logs contain error messages when a restart is required. The application logs are published to a log group in Amazon CloudWatch Logs. An Amazon CloudWatch alarm notifies an application engineer through an Amazon Simple Notification Service (Amazon SNS) topic when the logs contain a large number of restart-related error messages. The application engineer manually restarts the application on the instances after the application engineer receives a notification from the SNS topic. A DevOps engineer needs to implement a solution to automate the application restart on the instances without restarting the instances. Which solution will meet these requirements in the MOST operationally efficient manner?
Correct answer: D
Explanation
AWS Systems Manager Automation can run a script to restart the application on the EC2 instances without rebooting them, which matches the need to automate the restart. Amazon EventBridge can react when the CloudWatch alarm enters "ALARM" state and trigger the runbook, removing the manual SNS-driven step and making the process operationally efficient.
Why each option is right or wrong
A. Configure an AWS Systems Manager Automation runbook that runs a script to restart the application on the instances. Configure the SNS topic to invoke the runbook.
SNS is a notification and fan-out service; an SNS topic cannot start an Automation runbook directly, so this is not the most direct alarm-to-remediation trigger path.
B. Create an AWS Lambda function that restarts the application on the instances. Configure the Lambda function as an event destination of the SNS topic.
Lambda requires writing and maintaining custom code to reach into the instances, while Systems Manager is purpose-built for operational actions on managed instances.
C. Configure an AWS Systems Manager Automation runbook that runs a script to restart the application on the instances. Create an AWS Lambda function to invoke the runbook. Configure the Lambda function as an event destination of the SNS topic.
Lambda invoking Automation adds an unnecessary extra hop and more operational overhead.
D. Configure an AWS Systems Manager Automation runbook that runs a script to restart the application on the instances. Configure an Amazon EventBridge rule that reacts when the CloudWatch alarm enters ALARM state. Specify the runbook as a target of the rule.
Amazon EventBridge can use the CloudWatch alarm state-change event source and match the alarm transitioning to ALARM, which is the exact trigger point needed to automate remediation without waiting for an SNS subscriber to act. AWS Systems Manager Automation is the correct service to execute a runbook on the EC2 fleet and run a restart script on the operating system/application layer, avoiding an instance reboot and keeping the workflow fully managed and event-driven.