
A company utilizes AWS Organizations to manage its AWS accounts and employs AWS CloudFormation for infrastructure deployment. The finance team aims to develop a chargeback model and has requested each business unit to tag resources with a specific set of project values. Upon using the AWS Cost and Usage Report in AWS Cost Explorer to filter by project, the finance team identified noncompliant project values. The company seeks to enforce the use of compliant project tags for new resources with minimal effort. Which solution best meets these requirements?
A
Implement a tag policy with the allowed project tag values in the organization's management account. Additionally, create a Service Control Policy (SCP) that restricts the cloudformation:CreateStack API operation unless a project tag is included. Apply this SCP to each Organizational Unit (OU).
B
Establish a tag policy with the allowed project tag values within each OU. Furthermore, devise an SCP that prohibits the cloudformation:CreateStack API operation without a project tag. Attach this SCP to each OU.
C
Develop a tag policy with the allowed project tag values in the AWS management account. Also, create an IAM policy that denies the cloudformation:CreateStack API operation if a project tag is not present. Assign this policy to all users.
D
Leverage AWS Service Catalog to manage CloudFormation stacks as products. Utilize a TagOptions library to regulate project tag values and share the portfolio across all OUs within the organization.