
Answer-first summary for fast verification
Answer: Use AWS Config rules to define and detect resources that are not properly tagged.
## Explanation

**Correct Answer: A**

AWS Config is specifically designed for compliance monitoring and resource configuration management. It provides managed rules that can check for proper tagging across multiple AWS services, including EC2, RDS, and Redshift.

**Why AWS Config is the best solution:**

1. **Minimal operational effort**: AWS Config is a managed service that automatically tracks configuration changes and evaluates resources against predefined rules.
2. **Comprehensive coverage**: AWS Config supports checking resources across multiple AWS services, not just EC2.
3. **Continuous compliance**: Resources are continuously monitored, not just periodically checked.
4. **Built-in rules**: AWS Config includes pre-built rules for common compliance checks, including tagging requirements.
5. **Automated remediation**: While not mentioned in the options, AWS Config can be integrated with AWS Systems Manager Automation for automated remediation.

**Why other options are not optimal:**

**B. Cost Explorer**:

- Cost Explorer is primarily for cost analysis and visualization, not for compliance checking
- Requires manual intervention to tag resources
- Doesn't provide continuous monitoring or automated detection

**C. Custom API calls on EC2**:

- Requires significant development effort
- Needs ongoing maintenance of the EC2 instance
- Not a managed service, so operational overhead is high
- Limited scalability and reliability

**D. Custom API calls with Lambda**:

- Better than option C, but still requires custom development
- Needs ongoing code maintenance
- AWS Config provides the same functionality as a managed service without the development overhead
- AWS Config offers more comprehensive features like configuration history and drift detection

**Key AWS Config features relevant to this scenario:**

- **Managed rules**: Pre-built rules like `required-tags` that check for specific tags
- **Resource inventory**: Automatically discovers and tracks resources
- **Compliance dashboard**: Provides visibility into compliance status
- **Notifications**: Can send alerts via Amazon SNS when resources are non-compliant
- **Integration**: Works with AWS Organizations for multi-account management

This solution aligns with AWS best practices for compliance monitoring while minimizing operational overhead, which is exactly what the company wants to achieve.
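As an added illustration (not part of the original question or answer key), the `required-tags` managed rule can be deployed with a CloudFormation template scoped to the three resource types named in the scenario. The rule name and the tag keys `Environment` and `Owner` are constructed sample values, and the template assumes an AWS Config configuration recorder is already running in the account and Region.

```yaml
# Added example: deploys the AWS managed rule REQUIRED_TAGS ("required-tags").
# Assumption: an AWS Config configuration recorder is already enabled.
AWSTemplateFormatVersion: "2010-09-09"
Description: Flag EC2, RDS and Redshift resources that lack required tags

Parameters:
  FirstTagKey:
    Type: String
    Default: Environment   # constructed sample tag key
  SecondTagKey:
    Type: String
    Default: Owner         # constructed sample tag key

Resources:
  RequiredTagsRule:
    Type: AWS::Config::ConfigRule
    Properties:
      ConfigRuleName: required-tags-ec2-rds-redshift   # hypothetical rule name
      Description: Resources in scope must carry the required tag keys
      # Limit evaluation to the resource types from the scenario
      Scope:
        ComplianceResourceTypes:
          - AWS::EC2::Instance
          - AWS::RDS::DBInstance
          - AWS::Redshift::Cluster
      # Owner AWS selects a managed rule; no custom Lambda code is needed
      Source:
        Owner: AWS
        SourceIdentifier: REQUIRED_TAGS
      # The rule reports NON_COMPLIANT when any listed key is missing
      InputParameters:
        tag1Key: !Ref FirstTagKey
        tag2Key: !Ref SecondTagKey
```

The rule is evaluated when a resource in scope is created or changed, so no scheduled job (options C and D) has to be built or maintained.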
Author: LeetQuiz Editorial Team
A company that hosts its web application on AWS wants to ensure all Amazon EC2 instances, Amazon RDS DB instances, and Amazon Redshift clusters are configured with tags. The company wants to minimize the effort of configuring and operating this check. What should a solutions architect do to accomplish this?
A
Use AWS Config rules to define and detect resources that are not properly tagged.
B
Use Cost Explorer to display resources that are not properly tagged. Tag those resources manually.
C
Write API calls to check all resources for proper tag allocation. Periodically run the code on an EC2 instance.
D
Write API calls to check all resources for proper tag allocation. Schedule an AWS Lambda function through Amazon CloudWatch to periodically run the code.