AWS Certified Solutions Architect - Professional
Get started today
Ultimate access to all questions.
Ultimate access to all questions.
A company utilizes AWS Organizations to manage multiple AWS accounts, with each business unit operating applications on Amazon EC2 instances. It is mandatory for all EC2 instances to be tagged with a BusinessUnit tag to facilitate cost tracking per business unit. An audit has identified instances without this tag, which were subsequently manually tagged. What measures should a solutions architect implement to ensure future compliance with the tagging requirement?
Explanation:
The correct answer is C. To enforce the tagging requirement, a Service Control Policy (SCP) should be created and attached to the root of the organization. This SCP can enforce that all EC2 instances are tagged with the BusinessUnit tag at the time of their creation. While tag policies can help manage tags, they do not enforce tag application at resource creation. Therefore, using SCPs in combination with tag policies is the best practice to ensure all resources are tagged correctly at creation.