Jeff’s Note #
Unlike generic exam dumps, ADH analyzes this scenario through the lens of a Real-World Lead Developer.
For AWS DVA-C02 candidates, the confusion often lies in how to architect event ingestion across multiple AWS accounts while keeping the ingestion pipeline scalable and maintainable. In production, this is about knowing exactly how EventBridge event buses and rules interact cross-account and when to avoid unnecessary polling Lambdas. Let’s drill down.
The Certification Drill (Simulated Question) #
Scenario #
A software company named NovaApps runs multiple AWS accounts, each hosting Amazon EC2 instances for different internal teams. Their lead developer needs to build an application that collects all EC2 instance lifecycle events (like pending, running, shutting-down, terminated) from every AWS account.
The company requires that all EC2 lifecycle events are consolidated into a single, centralized Amazon SQS queue located in their primary AWS account for downstream processing and auditing.
The Requirement #
Design a solution that reliably gathers EC2 lifecycle events from all AWS accounts into the main account’s SQS queue, with minimal operational overhead and secure, maintainable cross-account event delivery.
The Options #
- A) Configure Amazon EC2 to send lifecycle events from all accounts directly to the EventBridge event bus in the main account. Then create an EventBridge rule in the main account that matches all EC2 lifecycle events and set the central SQS queue as the rule target.
- B) Modify the resource policy of the SQS queue in the main account to grant write permissions to each of the other accounts. In each account, create an EventBridge rule that matches all EC2 lifecycle events and set the main account’s SQS queue as the target.
- C) Develop a Lambda function that scans all EC2 instances across accounts periodically to detect lifecycle state changes. The Lambda then sends a notification message to the SQS queue in the main account for any changes found. Schedule the Lambda to run every minute.
- D) Set permissions on the main account EventBridge event bus to allow it to receive events from all other accounts. In every account, create an EventBridge rule that sends all EC2 lifecycle events to the main account’s event bus. In the main account, create a rule on this event bus to forward those events to the SQS queue.
Correct Answer #
D
Quick Insight: The Developer Imperative #
- Cross-account EventBridge event buses support seamless event ingestion when configured correctly. This is preferable to polling approaches, as it reduces latency and Lambda invocation costs.
- EventBridge rules targeting an SQS queue must exist in the same AWS account as the queue, so sending events directly from multiple accounts to a central SQS queue (option B) is ineffective.
- Continuous polling via Lambda (option C) is inefficient and does not scale well.
- EC2 does not emit events directly into another account; cross-account delivery only works through event buses whose resource policies permit it (option A misunderstands how the event source works).
The Expert’s Analysis #
Correct Answer #
Option D
The Winning Logic #
Option D leverages EventBridge’s native cross-account event routing capabilities. Here’s why it works best:
- EventBridge event buses support cross-account permissions, allowing accounts to send events securely to a centralized event bus.
- Each AWS account creates an EventBridge rule to capture EC2 lifecycle events and forward those events to the main account’s event bus.
- The main account has a rule that matches EC2 lifecycle events and forwards them to the SQS queue.
- This design keeps event routing efficient, avoids the need for Lambda polling, and respects AWS’s service boundaries (e.g., an EventBridge rule’s SQS target must live in the same account as the rule).
- Security is maintained by configuring IAM resource policies and event bus permissions, ensuring least privilege.
The Trap (Distractor Analysis) #
- Why not A? EC2 instances do not natively send lifecycle events directly to another account’s event bus. You cannot configure EC2 to “push” lifecycle events to an external event bus directly.
- Why not B? While you can update SQS queue policies to accept cross-account messages, EventBridge rules target local resources only. You cannot directly set an EventBridge rule in one account to target an SQS queue in another account.
- Why not C? Polling with Lambda is costly and has latency concerns. Also, detecting lifecycle changes via periodic scans is error-prone—events might be missed or duplicated.
The Technical Blueprint #
```bash
# Main account: allow another account to call PutEvents on the central event bus
aws events put-permission \
  --event-bus-name mainAccountBus \
  --action "events:PutEvents" \
  --principal <account-id-of-other-account> \
  --statement-id "AllowAccountXXX"

# Each secondary account: a rule on the default bus that matches EC2 state-change events ...
aws events put-rule \
  --name EC2LifecycleRule \
  --event-bus-name default \
  --event-pattern '{"source":["aws.ec2"],"detail-type":["EC2 Instance State-change Notification"]}'

# ... and a target that forwards matched events to the main account's event bus.
# No RoleArn is needed on the target here because the bus permission above was
# granted directly by account ID rather than through an organization.
aws events put-targets \
  --rule EC2LifecycleRule \
  --event-bus-name default \
  --targets Id=1,Arn=arn:aws:events:<region>:<main-account-id>:event-bus/mainAccountBus
```
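The blueprint above covers the sender side. The following added example (written for this note, not code from the page or from AWS) sketches the receiving side in Python: the event pattern the main-account rule would use, a simplified exact-value matcher run against a constructed EC2 state-change event, and the two resource policies the design relies on (the central bus policy that put-permission writes, and the SQS queue policy that lets only that one rule send messages, which is the least-privilege point made earlier). Account IDs, ARNs, and the rule and queue names are constructed placeholders, and the matcher implements only the exact-value subset of EventBridge pattern matching.

```python
import json

# Constructed placeholder identifiers (not from the page): central account, one sender, region.
MAIN_ACCOUNT, SENDER_ACCOUNT, REGION = "111111111111", "222222222222", "us-east-1"
BUS_ARN = f"arn:aws:events:{REGION}:{MAIN_ACCOUNT}:event-bus/mainAccountBus"
RULE_ARN = f"arn:aws:events:{REGION}:{MAIN_ACCOUNT}:rule/mainAccountBus/EC2LifecycleToSqs"
QUEUE_ARN = f"arn:aws:sqs:{REGION}:{MAIN_ACCOUNT}:ec2-lifecycle-audit"

# Pattern for the main-account rule: the page's pattern narrowed to the four lifecycle states.
EC2_PATTERN = {
    "source": ["aws.ec2"],
    "detail-type": ["EC2 Instance State-change Notification"],
    "detail": {"state": ["pending", "running", "shutting-down", "terminated"]},
}

def matches(pattern, event):
    """Exact-value subset of EventBridge matching: list = 'one of', dict = recurse, missing key = no match."""
    for key, want in pattern.items():
        if key not in event:
            return False
        if isinstance(want, dict):
            if not isinstance(event[key], dict) or not matches(want, event[key]):
                return False
        elif event[key] not in want:
            return False
    return True

def bus_policy(sender_accounts):
    """Central bus resource policy: one events:PutEvents grant per sender account."""
    return {"Version": "2012-10-17", "Statement": [
        {"Sid": f"AllowAccount{acct}", "Effect": "Allow",
         "Principal": {"AWS": f"arn:aws:iam::{acct}:root"},
         "Action": "events:PutEvents", "Resource": BUS_ARN} for acct in sender_accounts]}

def queue_policy():
    """SQS queue policy: only EventBridge, and only via this one rule ARN, may send messages."""
    return {"Version": "2012-10-17", "Statement": [
        {"Sid": "AllowEventBridgeRule", "Effect": "Allow",
         "Principal": {"Service": "events.amazonaws.com"},
         "Action": "sqs:SendMessage", "Resource": QUEUE_ARN,
         "Condition": {"ArnEquals": {"aws:SourceArn": RULE_ARN}}}]}

# Constructed sample event in the shape EC2 emits for a state change.
SAMPLE_EVENT = {"source": "aws.ec2", "detail-type": "EC2 Instance State-change Notification",
                "account": SENDER_ACCOUNT, "region": REGION, "detail": {"instance-id": "i-0123456789abcdef0", "state": "running"}}

if __name__ == "__main__":
    print("delivered to queue:", matches(EC2_PATTERN, SAMPLE_EVENT))
    print(json.dumps({"bus": bus_policy([SENDER_ACCOUNT]), "queue": queue_policy()}, indent=2))
```

Note that a `stopped` or `stopping` state-change event is dropped by this pattern; widen `detail.state` if those states must also reach the queue.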
The Comparative Analysis #
| Option | API Complexity | Performance | Use Case |
|---|---|---|---|
| A | Not supported by EC2 source | Impossible as EC2 cannot send cross-account | Invalid configuration |
| B | Requires resource policy tweaks | EventBridge rules can’t directly target SQS cross-account | Not feasible for EventBridge->SQS linkage |
| C | Medium (Lambda code + scheduling) | High latency, inefficient polling | Only for rare event detection, not realtime |
| D | Moderate (EventBridge permissions + rules) | Real-time, scalable, cost-efficient | Best practice for cross-account event aggregation |
Real-World Application (Practitioner Insight) #
Exam Rule #
“For DVA-C02, trust EventBridge for cross-account event delivery whenever you see multi-account event ingestion keywords.”
Real World #
“In production, many teams centralize event inspection and processing through a main EventBridge event bus due to its flexibility and native integration, rather than resorting to periodic latent scans with Lambda.”
Disclaimer
This is a study note based on simulated scenarios for the DVA-C02 exam.