DOP-C02 Exam Dumps : AWS Certified DevOps Engineer - Professional

Amazon EventBridge can directly consume AWS Health events as an event source. You can specify event types such as “AWS_EC2_INSTANCE_RETIREMENT_SCHEDULED” or “AWS_EC2_INSTANCE_TERMINATION_SCHEDULED.” The rule’s target should invoke the Systems Manager Automation document (runbook) AWS-RestartEC2Instance to automate the restart within a defined maintenance window. This event-driven automation pattern is described in AWS documentation: “Automating AWS Health event remediation using EventBridge and Systems Manager.”

The startup delay occurs because large container images must be pulled from Amazon ECR when pods are scheduled, especially on newly added nodes that do not have cached images. To consistently reduce pod startup time to seconds, container images must be prefetched directly onto the worker nodes that run the pods, not the EKS control plane.

Amazon EKS control plane nodes are fully managed by AWS and cannot be accessed or modified using AWS Systems Manager. Therefore, any solution that attempts to run Systems Manager commands on control plane nodes is invalid. Prefetching must target the EKS worker nodes (EC2 instances in managed node groups) where container images are actually stored and used.

Option C correctly creates an IAM role that allows Amazon EventBridge to invoke AWS Systems Manager to run commands on the EKS worker nodes. By using Systems Manager State Manager associations with node tags, the automation dynamically targets both existing nodes and newly added nodes that inherit the same tags. This ensures that container images are pulled immediately when a new image is pushed to ECR or when new nodes join the cluster.

Option B incorrectly targets nodes based on machine size, which is not reliable for lifecycle automation. Options A and D incorrectly reference control plane nodes, which cannot be managed with Systems Manager.

Therefore, Option C is the correct and AWS-aligned solution to ensure fast pod startup times across all nodes.

The correct answer is C. Configuring AWS CloudTrail to send log data events to an Amazon CloudWatch Logs log group and creating a CloudWatch logs metric filter to match failed ConsoleLogin events is the simplest and most efficient way to monitor and alert on failed login attempts. Creating a CloudWatch alarm that is based on the metric filter and configuring an alarm action to send messages to the SNS topic will ensure that the security team is notified when multiple failed login attempts occur. This solution requires the least operational effort compared to the other options.

Option A is incorrect because it involves configuring AWS CloudTrail to send log management events instead of log data events. Log management events are used to track changes to CloudTrail configuration, such as creating, updating, or deleting a trail. Log data events are used to track API activity in AWS accounts, such as login attempts. Therefore, option A will not capture the failed ConsoleLogin events.

Option B is incorrect because it involves creating an Amazon Athena query and two Amazon EventBridge rules to monitor and alert on failed login attempts. This is a more complex and costly solution than using CloudWatch logs and alarms. Moreover, option B relies on the query returning a failure, which may not happen if the query is executed successfully but does not find any failed logins.

Option D is incorrect because it involves configuring AWS CloudTrail to send log data events to an Amazon S3 bucket and configuring an Amazon S3 event notification for the s3:ObjectCreated event type. This solution will not work because the s3:ObjectCreated event type does not allow filtering by ConsoleLogin failed events. The event notification will be triggered for any object created in the S3 bucket, regardless of the event type. Therefore, option D will generate a lot of false positives and unnecessary notifications.

AWS CloudTrail Log File Examples

Creating CloudWatch Alarms for CloudTrail Events: Examples

Monitoring CloudTrail Log Files with Amazon CloudWatch Logs