Answer-first summary for fast verification
Answer: Set up AWS Config in the account. Use a managed rule that returns a compliance failure for EC2::Volume resources that do not have a Backup Frequency tag applied. Configure a remediation action that uses a custom AWS Systems Manager Automation runbook to apply the Backup_Frequency tag with a value of weekly.
The most straightforward and efficient solution to ensure all EBS volumes are tagged with the Backup_Frequency tag is to use AWS Config with a managed rule. AWS Config can monitor compliance continuously, and you can configure a remediation action that uses a custom AWS Systems Manager Automation runbook to apply the desired tag with minimal effort. This approach leverages an existing managed rule specifically designed to check for tags on EC2::Volume resources, making it the best choice among the given options.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
No comments yet.
A company mandates that all Amazon Elastic Block Store (EBS) volumes within an account must be tagged to indicate their desired backup frequency, including those that do not require backups. The company employs a custom tag named Backup_Frequency with values of 'none', 'daily', or 'weekly' to signify the backup frequency. An audit reveals that developers occasionally fail to apply these tags. To ensure compliance with the backup policy, which solution should a DevOps engineer implement to guarantee that all EBS volumes are consistently tagged with the Backup_Frequency tag, defaulting to a weekly backup unless otherwise specified?
A
Set up AWS Config in the account. Create a custom rule that returns a compliance failure for all Amazon EC2 resources that do not have a Backup Frequency tag applied. Configure a remediation action that uses a custom AWS Systems Manager Automation runbook to apply the Backup_Frequency tag with a value of weekly.
B
Set up AWS Config in the account. Use a managed rule that returns a compliance failure for EC2::Volume resources that do not have a Backup Frequency tag applied. Configure a remediation action that uses a custom AWS Systems Manager Automation runbook to apply the Backup_Frequency tag with a value of weekly.
C
Turn on AWS CloudTrail in the account. Create an Amazon EventBridge rule that reacts to EBS CreateVolume events. Configure a custom AWS Systems Manager Automation runbook to apply the Backup_Frequency tag with a value of weekly. Specify the runbook as the target of the rule.
D
Turn on AWS CloudTrail in the account. Create an Amazon EventBridge rule that reacts to EBS CreateVolume events or EBS ModifyVolume events. Configure a custom AWS Systems Manager Automation runbook to apply the Backup_Frequency tag with a value of weekly. Specify the runbook as the target of the rule.