How can this process be automated?
Create a CloudWatch Logs subscription to an AWS Step Functions application. Configure an AWS Lambda function to add a tag to the EC2 instance that produced the login event and mark the instance to be decommissioned. Create an Amazon EventBridge rule to invoke a second Lambda function once a day that will terminate all instances with this tag.
Create an Amazon CloudWatch alarm that will be invoked by the login event. Send the notification to an Amazon Simple Notification Service (Amazon SNS) topic that the operations team is subscribed to, and have them terminate the EC2 instance within 24 hours.
Create an Amazon CloudWatch alarm that will be invoked by the login event. Configure the alarm to send to an Amazon Simple Queue Service (Amazon SQS) queue. Use a group of worker instances to process messages from the queue, which then schedules an Amazon EventBridge rule to be invoked.
Create a CloudWatch Logs subscription to an AWS Lambda function. Configure the function to add a tag to the EC2 instance that produced the login event and mark the instance to be decommissioned. Create an Amazon EventBridge rule to invoke a daily Lambda function that terminates all instances with this tag.
Explanations:
This option does tag and later terminate instances, but the AWS Step Functions hop is unnecessary and does not fit: a CloudWatch Logs subscription filter delivers to Lambda, Kinesis Data Streams or Kinesis Data Firehose, not directly to a Step Functions state machine, and tagging one instance is a single API call that needs no workflow orchestration. The extra state machine only adds cost and another failure point in front of the same Lambda logic.
This option relies on manual intervention: the alarm only notifies an SNS topic, and a human on the operations team must terminate the EC2 instance within 24 hours. The termination itself is not automated, so it does not meet the requirement, regardless of how reliable the notification is.
This option does not automate the termination either. A CloudWatch alarm acts on a metric, so the login event would first need a metric filter, and alarm actions target SNS, Auto Scaling, EC2 and Systems Manager, not an SQS queue directly. Worker instances polling a queue add infrastructure to operate and patch, and scheduling an EventBridge rule from a worker is not a termination mechanism, so nothing guarantees the instance is gone within 24 hours.
This option correctly sets up a CloudWatch Logs subscription filter that invokes a Lambda function for each login log event; the function tags the instance that produced the event to mark it for decommissioning. A scheduled EventBridge rule then invokes a second Lambda function once a day that terminates every instance carrying that tag, so the whole process is automated and any tagged instance is terminated within 24 hours. In practice, scope the two execution roles narrowly: the first function needs only ec2:CreateTags, and the second should be allowed ec2:TerminateInstances only on resources whose tag matches (an ec2:ResourceTag condition), so a bug in the terminator cannot remove untagged instances. Instances with termination protection enabled will cause TerminateInstances to fail, so the daily function should report those rather than silently skip them.
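The two Lambda functions from the correct option, written out as an added example (this code is not from the original page or from AWS). It assumes the CloudWatch agent ships the sshd log with the log stream named after the instance ID, that a successful login looks like the standard "Accepted publickey for ... from ..." line, and a tag key of Decommission; the tag key, regexes and the FakeEC2 stand-in for the boto3 client are all constructed here so the handlers can be run offline.

```python
"""Tag-then-terminate automation: a subscription-triggered tagger and a daily terminator.

CloudWatch Logs delivers subscription events as {"awslogs": {"data": base64(gzip(json))}};
the decoded JSON carries logGroup, logStream and a logEvents list. The EC2 client is
injected (boto3 in Lambda, FakeEC2 below for offline runs) so the logic is testable.
"""
import base64
import gzip
import json
import re
from datetime import datetime, timezone

TAG_KEY = "Decommission"          # assumed tag name; both functions must agree on it
TAG_VALUE = "true"
# Assumed sshd success line; the subscription filter pattern should pre-filter on the same text.
LOGIN_RE = re.compile(r"Accepted (?:publickey|password) for \S+ from")
INSTANCE_ID_RE = re.compile(r"\bi-[0-9a-f]{8,17}\b")


def decode_subscription_event(event: dict) -> dict:
    """Unwrap the awslogs envelope: base64 -> gzip -> JSON."""
    raw = base64.b64decode(event["awslogs"]["data"])
    return json.loads(gzip.decompress(raw))


def instances_from_payload(payload: dict) -> set:
    """Instance IDs that produced a login line.

    Assumption: the agent config uses {instance_id} as the log stream name, so the ID is in
    logStream; fall back to an ID embedded in the message itself.
    """
    ids = set()
    for ev in payload.get("logEvents", []):
        msg = ev.get("message", "")
        if not LOGIN_RE.search(msg):
            continue  # failed logins and other noise do not mark an instance
        m = INSTANCE_ID_RE.search(payload.get("logStream", "")) or INSTANCE_ID_RE.search(msg)
        if m:
            ids.add(m.group(0))
    return ids


def tag_handler(event, context, ec2):
    """Lambda 1 (subscription target): tag each instance that saw a login."""
    ids = sorted(instances_from_payload(decode_subscription_event(event)))
    if ids:  # create_tags with an empty Resources list is an API error, so guard it
        ec2.create_tags(
            Resources=ids,
            Tags=[
                {"Key": TAG_KEY, "Value": TAG_VALUE},
                {"Key": "DecommissionRequestedAt",
                 "Value": datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")},
            ],
        )
    return {"tagged": ids}


def tagged_instance_ids(ec2) -> list:
    """Page through describe_instances for tagged instances that are not already going away."""
    kwargs = {"Filters": [
        {"Name": f"tag:{TAG_KEY}", "Values": [TAG_VALUE]},
        {"Name": "instance-state-name", "Values": ["pending", "running", "stopping", "stopped"]},
    ]}
    ids = []
    while True:
        page = ec2.describe_instances(**kwargs)
        for res in page.get("Reservations", []):
            ids.extend(i["InstanceId"] for i in res.get("Instances", []))
        if not page.get("NextToken"):
            return ids
        kwargs["NextToken"] = page["NextToken"]


def terminate_handler(event, context, ec2):
    """Lambda 2 (daily EventBridge schedule target): terminate everything tagged."""
    ids = tagged_instance_ids(ec2)
    if ids:
        ec2.terminate_instances(InstanceIds=ids)
    return {"terminated": ids}


def tag_lambda_handler(event, context):
    import boto3  # present in the Lambda runtime; imported lazily so this module loads without it
    return tag_handler(event, context, boto3.client("ec2"))


def terminate_lambda_handler(event, context):
    import boto3
    return terminate_handler(event, context, boto3.client("ec2"))


def make_subscription_event(log_stream: str, messages: list) -> dict:
    """Constructed awslogs envelope for local runs; mirrors what CloudWatch Logs sends."""
    payload = {"logGroup": "/var/log/auth.log", "logStream": log_stream,
               "logEvents": [{"id": str(i), "timestamp": 0, "message": m}
                             for i, m in enumerate(messages)]}
    data = base64.b64encode(gzip.compress(json.dumps(payload).encode())).decode()
    return {"awslogs": {"data": data}}


class FakeEC2:
    """Constructed stand-in for the boto3 EC2 client (same call signatures, in-memory state)."""
    def __init__(self, instances):
        self.instances = instances  # {instance_id: {"state": str, "tags": dict}}
        self.terminated = []

    def create_tags(self, Resources, Tags):
        for r in Resources:
            self.instances[r]["tags"].update({t["Key"]: t["Value"] for t in Tags})

    def describe_instances(self, Filters, NextToken=None):
        match = lambda inst, f: (inst["state"] in f["Values"] if f["Name"] == "instance-state-name"
                                 else inst["tags"].get(f["Name"][len("tag:"):]) in f["Values"])
        hits = [{"InstanceId": i} for i, inst in self.instances.items()
                if all(match(inst, f) for f in Filters)]
        return {"Reservations": [{"Instances": hits}]}

    def terminate_instances(self, InstanceIds):
        self.terminated.extend(InstanceIds)
        for i in InstanceIds:
            self.instances[i]["state"] = "shutting-down"
```

Deploy tag_lambda_handler behind the subscription filter and terminate_lambda_handler behind a rate(1 day) EventBridge schedule; the second function's role should allow ec2:TerminateInstances only where aws:ResourceTag/Decommission equals true.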