AWS Certified Solutions Architect - Associate

Get started today

Ultimate access to all questions.

Deep dive into the quiz with AI chat providers.

We prepare a focused prompt with your quiz and certificate details so each AI can offer a more tailored, in-depth explanation.

A company that hosts its web application on AWS wants to ensure all Amazon EC2 instances, Amazon RDS DB instances, and Amazon Redshift clusters are configured with tags. The company wants to minimize the effort of configuring and operating this check. What should a solutions architect do to accomplish this?

Other

Community

UAnonymous

Last updated: February 23, 2026 at 11:39

Use AWS Config rules to define and detect resources that are not properly tagged.

Use Cost Explorer to display resources that are not properly tagged. Tag those resources manually.

Write API calls to check all resources for proper tag allocation. Periodically run the code on an EC2 instance.

Write API calls to check all resources for proper tag allocation. Schedule an AWS Lambda function through Amazon CloudWatch to periodically run the code.

Explanation:

Explanation

Correct Answer: A

AWS Config is specifically designed for compliance monitoring and resource configuration management. It provides managed rules that can check for proper tagging across multiple AWS services, including EC2, RDS, and Redshift.

Why AWS Config is the best solution:

Minimal operational effort: AWS Config is a managed service that automatically tracks configuration changes and evaluates resources against predefined rules.
Comprehensive coverage: AWS Config supports checking resources across multiple AWS services, not just EC2.
Continuous compliance: Resources are continuously monitored, not just periodically checked.
Built-in rules: AWS Config includes pre-built rules for common compliance checks, including tagging requirements.
Automated remediation: While not mentioned in the options, AWS Config can be integrated with AWS Systems Manager Automation for automated remediation.

Why other options are not optimal:

B. Cost Explorer:

Cost Explorer is primarily for cost analysis and visualization, not for compliance checking
Requires manual intervention to tag resources
Doesn't provide continuous monitoring or automated detection

C. Custom API calls on EC2:

Requires significant development effort
Needs ongoing maintenance of the EC2 instance
Not a managed service, so operational overhead is high
Limited scalability and reliability

D. Custom API calls with Lambda:

Better than option C, but still requires custom development
Needs ongoing code maintenance
AWS Config provides the same functionality as a managed service without the development overhead
AWS Config offers more comprehensive features like configuration history and drift detection

Key AWS Config features relevant to this scenario:

Managed rules: Pre-built rules like required-tags that check for specific tags
Resource inventory: Automatically discovers and tracks resources
Compliance dashboard: Provides visibility into compliance status
Notifications: Can send alerts via Amazon SNS when resources are non-compliant
Integration: Works with AWS Organizations for multi-account management

This solution aligns with AWS best practices for compliance monitoring while minimizing operational overhead, which is exactly what the company wants to achieve.

Powered ByGPT-5.2

Comments

Loading comments...