Answer-first summary for fast verification
Answer: Create a Service Control Policy (SCP) and attach it to the organization's root, including a statement in the SCP to enforce tagging.
The correct answer is C. To enforce the tagging requirement, a Service Control Policy (SCP) should be created and attached to the root of the organization. This SCP can enforce that all EC2 instances are tagged with the BusinessUnit tag at the time of their creation. While tag policies can help manage tags, they do not enforce tag application at resource creation. Therefore, using SCPs in combination with tag policies is the best practice to ensure all resources are tagged correctly at creation.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
A company utilizes AWS Organizations to manage multiple AWS accounts, with each business unit operating applications on Amazon EC2 instances. It is mandatory for all EC2 instances to be tagged with a BusinessUnit tag to facilitate cost tracking per business unit. An audit has identified instances without this tag, which were subsequently manually tagged. What measures should a solutions architect implement to ensure future compliance with the tagging requirement?
A
Enable tag policies within the organization, create a tag policy for the BusinessUnit tag, ensure tag key capitalization compliance is disabled, apply the tag policy to ec2:instance resource types, and attach the tag policy to the organization's root.
B
Enable tag policies within the organization, create a tag policy for the BusinessUnit tag, ensure tag key capitalization compliance is enabled, apply the tag policy to ec2:instance resource types, and attach the tag policy to the organization's management account.
C
Create a Service Control Policy (SCP) and attach it to the organization's root, including a statement in the SCP to enforce tagging.
D
Create a Service Control Policy (SCP) and attach it to the organization's management account, including a statement in the SCP to enforce tagging.
No comments yet.