AWS Certified DevOps Engineer - Professional
Get started today
Ultimate access to all questions.
A company mandates that all Amazon Elastic Block Store (EBS) volumes within an account must be tagged to indicate their desired backup frequency, including those that do not require backups. The company employs a custom tag named Backup_Frequency with values of 'none', 'daily', or 'weekly' to signify the backup frequency. An audit reveals that developers occasionally fail to apply these tags. To ensure compliance with the backup policy, which solution should a DevOps engineer implement to guarantee that all EBS volumes are consistently tagged with the Backup_Frequency tag, defaulting to a weekly backup unless otherwise specified?
A company mandates that all Amazon Elastic Block Store (EBS) volumes within an account must be tagged to indicate their desired backup frequency, including those that do not require backups. The company employs a custom tag named Backup_Frequency with values of 'none', 'daily', or 'weekly' to signify the backup frequency. An audit reveals that developers occasionally fail to apply these tags. To ensure compliance with the backup policy, which solution should a DevOps engineer implement to guarantee that all EBS volumes are consistently tagged with the Backup_Frequency tag, defaulting to a weekly backup unless otherwise specified?
Explanation:
The most straightforward and efficient solution to ensure all EBS volumes are tagged with the Backup_Frequency tag is to use AWS Config with a managed rule. AWS Config can monitor compliance continuously, and you can configure a remediation action that uses a custom AWS Systems Manager Automation runbook to apply the desired tag with minimal effort. This approach leverages an existing managed rule specifically designed to check for tags on EC2::Volume resources, making it the best choice among the given options.