How can this process be automated?
A. Create a CloudWatch Logs subscription to an AWS Step Functions application. Configure the function to add a tag to the EC2 instance that produced the login event and mark the instance to be decommissioned. Then create a CloudWatch Events rule to trigger a second AWS Lambda function once a day that will terminate all instances with this tag.
B. Create a CloudWatch alarm that will trigger on the login event. Send the notification to an Amazon SNS topic that the operations team is subscribed to, and have them terminate the EC2 instance within 24 hours.
C. Create a CloudWatch alarm that will trigger on the login event. Configure the alarm to send to an Amazon SQS queue. Use a group of worker instances to process messages from the queue, which then schedules the Amazon CloudWatch Events rule to trigger.
D. Create a CloudWatch Logs subscription to an AWS Lambda function. Configure the function to add a tag to the EC2 instance that produced the login event and mark the instance to be decommissioned. Create a CloudWatch Events rule to trigger a daily Lambda function that terminates all instances with this tag.
Explanations:
A. While this option suggests using AWS Step Functions to manage the tagging and termination, it introduces unnecessary complexity. A simpler Lambda-based solution (like option D) would be more efficient.
B. This option relies on manual intervention (the operations team must terminate the instance within 24 hours), which does not automate the process as required.
C. This option introduces unnecessary complexity by requiring worker instances to process messages from an SQS queue. It adds an additional layer of infrastructure without a clear need.
D. This option effectively automates the process by using a CloudWatch Logs subscription to trigger a Lambda function that tags the instance. A daily Lambda function is then used to terminate the instances with the tag, fully automating the termination process.