I'm team C. https://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/monitor-ami-events.html#:~:text=For%20example%2C%20you%20can%20create%20an%20EventBridge%20rule%20that%20detects%20when%20the%20AMI%20creation%20process%20has%20completed%20and%20then%20invokes%20an%20Amazon%20SNS%20topic%20to%20send%20an%20email%20notification%20to%20you.

Why not A? API calls are already logged in Cloudtrail.

C all day. Trust me

It can be done with option A but you'll have to write a lambda function. option C is least operational overhead.

Monitor AMI events using Amazon EventBridge is possible and here is the link: https://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/monitor-ami-events.html

Just took the exam today, most of the questions were from here wish I saw them all to be honest before entering the exam. Anyways, this question was at the exam, I picked option A because as the question stated it wanted two things not one thing only an aplication that CAPTURES API calls and SEND ALERTS WHENEVER Createimage API call is made, OPTION C CLEARLY STATES THAT IN THIS CASE IT WILL ONLYYY LOOK FOR CREATEIMAGE API CALL it will not capture other API calls like the lambda in option A would! Am i the only one that is thinks that or what? TBH I am not sure about anything in this question but that is why I did not pick option C during the exam.

On of the requirements is LEAST operational overhead CloudTrail sends a notification when log files are written to the Amazon S3 bucket. An active account can generate a large number of notifications. If you subscribe with email or SMS, you can receive a large volume of messages. We recommend that you subscribe using Amazon Simple Queue Service (Amazon SQS), which lets you handle notifications programmatically. For more information, see Subscribing a Queue to an Amazon SNS Topic in the Amazon Simple Queue Service Developer Guide.

Answer is c.

C is correct

AWS CloudTrail primarily focuses on auditing and recording API calls made in your AWS account. It logs all API requests made via the AWS Management Console, AWS SDKs, command line tools, and other AWS services. This includes the identity of the caller, the time of the API call, the source IP address of the caller, the request parameters, and the response elements returned by the AWS service. This information is useful for security analysis, resource change tracking, and troubleshooting.

Cloud Watch = AWS Monitoring service for any AWS resources Cloud Trail = AWS API monitoring service with respect to application event that are hosted on AWS. Answer would be "C" https://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/monitor-ami-events.html service

"LEAST operational overhead" Option A envolves coding a Lamba. Not good! Option C seems to be the correct.

Event bridge was built specifically to handle this kind of scenario: CreateImage API call (Event Source) -> Event bus -> Rules - > Amazon SNS (Event target)

C. Create an Amazon EventBridge (Amazon CloudWatch Events) rule for the CreateImage API call. Configure the target as an Amazon Simple Notification Service (Amazon SNS) topic to send an alert when a CreateImage API call is detected

A look like the least overhead option to capture an API call.

The company needs to design an application that captures AWS API calls and sends alerts whenever the Amazon EC2 CreateImage API operation is called within the company’s account. With option C, it won't "The company needs to design an application that captures AWS API calls". it only sends the "CreateImage API " event. We need to store the AWS API calls as well.

EventBridge (formerly CloudWatch Events) is a fully managed event bus service that allows you to monitor and respond to events within your AWS environment. By creating an EventBridge rule specifically for the CreateImage API call, you can easily detect and capture this event. Configuring the target as an SNS topic allows you to send an alert whenever a CreateImage API call occurs. This solution requires minimal operational overhead as EventBridge and SNS are fully managed services. A. While using an Lambda to query CloudTrail logs and send an alert can achieve the desired outcome, it introduces additional operational overhead compared to using EventBridge and SNS directly. B. Configuring CloudTrail with an SNS notification and using Athena to query on CreateImage API calls would require more setup and maintenance compared to using EventBridge and SNS. D. Configuring an SQS FIFO queue as a target for CloudTrail logs and using a function to send an alert to an SNS topic adds unnecessary complexity to the solution and increases operational overhead. Using EventBridge and SNS directly is a simpler and more efficient approach.