Exam AWS Certified DevOps Engineer - Professional DOP-C02 topic 1 question 28 discussion

D is the easiest solution.

why C is not correct？

Option A is the most efficient and straightforward approach to automate log collection and prevent premature termination of EC2 instances by using Auto Scaling lifecycle hooks, CloudWatch alarms, Lambda functions, and SSM to gather and store logs in Amazon S3 before the instance is terminated.

it is D not C because CloudWatch agent can not invokes a script

D as the EC2 is Terminating and Cloudwatch Agent should be not running and cannot collect the logs

It must be 'C' as CloudWatch Agent will push the logs to a particular CloudWatch log group.

Terminating:Wait refers to a state in which an instance is determined to be terminated by the Auto Scaling group as part of the termination process and is temporarily put on hold before it is actually terminated. This state pauses the termination process and provides an opportunity to perform custom actions (logging, graceful shutdown, data backup, etc).

D is correct: Using Eventbridge in combination with lambda is a common practice. A: Cloudwatch alarm only alert, no action so it cannot trigger lambda (when this question came out, it could not) B: AWS config rule cannot triger a script. C: cloudwatch agent itself does not have any direct action on the host but collecting logs

C is also a good choice in this question. Why? you need to have a CW agent installed on the hosts to be able to collect logs from the servers before termination.

D is the correct one IMHO. ASG actions are not logged to cloudwatch logs to use a filter, and if so it would be complicated to extract the data. The canonical way is to rely in an EventBridge event.

D "When a scale-in event occurs, a lifecycle hook pauses the instance before it is terminated and sends you a notification using Amazon EventBridge. While the instance is in the wait state, you can invoke an AWS Lambda function or connect to the instance to download logs or other data before the instance is fully terminated. " https://aws.amazon.com/blogs/infrastructure-and-automation/run-code-before-terminating-an-ec2-auto-scaling-instance/

D for sure 100%

D. Use Auto Scaling lifecycle hooks to put instances in a Terminating:Wait state. Create an Amazon EventBridge rule for EC2 Instance-terminate Lifecycle Action and trigger an AWS Lambda function that invokes an SSM Run Command script to collect logs, push them to Amazon S3, and complete the lifecycle action once logs are collected. With this solution, you can use an Auto Scaling lifecycle hook to put instances in a wait state before termination. This provides an opportunity to collect logs before the instance is terminated. The solution can use an Amazon EventBridge rule for EC2 Instance-terminate Lifecycle Action to trigger an AWS Lambda function that will execute an SSM Run Command script. The script can collect logs and push them to Amazon S3 before completing the lifecycle action and allowing the instance to terminate. This solution provides a way to collect logs before instances are terminated, allowing for root cause analysis of issues.

D seems to be more relevant for this scenario

Note that there is a similar question on Tutorial Dojo and the answer is to "trigger cloudwatch agent"

should be C

D sure