Topic 1 Question 167
A company uses an organization in AWS Organizations to manage its AWS accounts. The company's automation account contains a CI/CD pipeline that creates and configures new AWS accounts.
The company has a group of internal service teams that provide services to accounts in the organization. The service teams operate out of a set of services accounts. The service teams want to receive an AWS CloudTrail event in their services accounts when the CreateAccount API call creates a new account.
How should the company share this CloudTrail event with the service accounts?
A. Create an Amazon EventBridge rule in the automation account to send account creation events to the default event bus in the services accounts. Update the default event bus in the services accounts to allow events from the automation account.
B. Create a custom Amazon EventBridge event bus in the services accounts. Update the custom event bus to allow events from the automation account. Create an EventBridge rule in the services account that directly listens to CloudTrail events from the automation account.
C. Create a custom Amazon EventBridge event bus in the automation account and the services accounts. Create an EventBridge rule and policy that connects the custom event buses that are in the automation account and the services accounts.
D. Create a custom Amazon EventBridge event bus in the automation account. Create an EventBridge rule and policy that connects the custom event bus to the default event buses in the services accounts.
Comments (5)
- Selected answer: A
A is right. "Create an Amazon EventBridge rule in the automation account to send account creation events to the default event bus in the services accounts": propagation of provision events to the service accounts. "Update the default event bus in the services accounts to allow events from the automation account.": correct
B. "Create a custom Amazon EventBridge event bus in the services accounts. Update the custom event bus to allow events from the automation account.": correct however "Create an EventBridge rule in the services account that directly listens to CloudTrail events from the automation account.": Why do you create a rule in the services account listening to the events from automation account, in opposite, the rule should be created in the automation account to push the events to the bus in the services account.
👍 3 ozansenturk 2024/01/01
- Selected answer: B
It's B - create an EventBridge rule in the source account, and point the rule to a custom event bus in the service accounts.
👍 1 csG13 2023/12/29
- Selected answer: B
I will go with B.
Given that "listening directly to CloudTrail" is mentioned in the below AWS documentation in bullet point number 8:
👍 1 kabary 2024/01/01
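The cross-account arrangement the options and comments discuss (a rule in the automation account that forwards to an event bus in a services account, plus a resource policy on that bus), as an added example that is not part of the original question or any comment. The account IDs, the Region and the helper names `matches` and `bus_allows` are assumptions, and the matcher covers only exact-value patterns.

```python
# Placeholder account IDs and Region: assumptions, not values from the page.
AUTOMATION_ACCOUNT = "111111111111"
SERVICES_ACCOUNT = "222222222222"
SERVICES_BUS_ARN = f"arn:aws:events:us-east-1:{SERVICES_ACCOUNT}:event-bus/default"

# Rule pattern for the automation account; the rule's target would be SERVICES_BUS_ARN.
RULE_PATTERN = {
    "source": ["aws.organizations"],
    "detail-type": ["AWS API Call via CloudTrail"],
    "detail": {"eventSource": ["organizations.amazonaws.com"], "eventName": ["CreateAccount"]},
}

# Resource policy for the services account bus: only the automation account may put events.
BUS_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow", "Action": "events:PutEvents",
        "Principal": {"AWS": f"arn:aws:iam::{AUTOMATION_ACCOUNT}:root"},
        "Resource": SERVICES_BUS_ARN,
    }],
}

def matches(pattern, event):
    """Exact-value subset of EventBridge matching: each leaf lists allowed values."""
    for key, want in pattern.items():
        if isinstance(want, dict):
            if not isinstance(event.get(key), dict) or not matches(want, event[key]):
                return False
        elif event.get(key) not in want:
            return False
    return True

def bus_allows(policy, account_id, bus_arn):
    """True if an Allow statement names account_id for events:PutEvents on bus_arn."""
    for st in policy["Statement"]:
        principal = st.get("Principal")
        named = principal.get("AWS", []) if isinstance(principal, dict) else []
        named = [named] if isinstance(named, str) else named
        actions = [st["Action"]] if isinstance(st["Action"], str) else st["Action"]
        if (st["Effect"] == "Allow" and "events:PutEvents" in actions
                and st["Resource"] == bus_arn
                and f"arn:aws:iam::{account_id}:root" in named):
            return True
    return False

# Constructed sample event in the shape EventBridge uses for CloudTrail API calls.
SAMPLE_EVENT = {"source": "aws.organizations", "account": AUTOMATION_ACCOUNT,
                "detail-type": "AWS API Call via CloudTrail",
                "detail": {"eventSource": "organizations.amazonaws.com", "eventName": "CreateAccount"}}
```
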