Answer-first summary for fast verification
Answer: Enable AWS Config, define the rule parameters, and then create the rule using the AWS CLI. Example: A security policy requiring all EC2 instances to have disk encryption enabled.
The most detailed and comprehensive approach is to use the AWS CLI, which provides greater flexibility and automation in creating and managing the rule. Additionally, enabling AWS Config and defining the rule parameters are necessary prerequisites. The example provided demonstrates a specific security policy that could be enforced by this rule, such as requiring all EC2 instances to have disk encryption enabled.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
You have been asked to create an AWS Config rule to detect noncompliant AWS resources related to a specific security policy. Describe the steps you would take to create this rule, including any necessary prerequisites, and provide an example of a security policy that could be enforced by this rule.
A
Enable AWS Config, define the rule parameters, and then create the rule using the AWS Management Console. Example: A security policy requiring all S3 buckets to be private.
B
Enable AWS Config, define the rule parameters, and then create the rule using the AWS CLI. Example: A security policy requiring all EC2 instances to have disk encryption enabled.
C
Enable AWS Config, define the rule parameters, and then create the rule using AWS SDKs. Example: A security policy requiring all RDS instances to be in a specific VPC.
D
Enable AWS Config, define the rule parameters, and then create the rule using AWS CloudFormation. Example: A security policy requiring all Lambda functions to have a specific set of IAM permissions.
No comments yet.