
A company maintains an Amazon RDS database that maps users to cost centers. The company has accounts in an organization in AWS Organizations. The company needs a solution that will tag all resources that are created in a specific AWS account in the organization. The solution must tag each resource with the cost center ID of the user who created the resource.
Which solution will meet these requirements?
A. Move the specific AWS account to a new organizational unit (OU) in Organizations from the management account. Create a service control policy (SCP) that requires all existing resources to have the correct cost center tag before the resources are created. Apply the SCP to the new OU.
B. Create an AWS Lambda function to tag the resources after the Lambda function looks up the appropriate cost center from the RDS database. Configure an Amazon EventBridge rule that reacts to AWS CloudTrail events to invoke the Lambda function.
C. Create an AWS CloudFormation stack to deploy an AWS Lambda function. Configure the Lambda function to look up the appropriate cost center from the RDS database and to tag resources. Create an Amazon EventBridge scheduled rule to invoke the CloudFormation stack.
D. Create an AWS Lambda function to tag the resources with a default value. Configure an Amazon EventBridge rule that reacts to AWS CloudTrail events to invoke the Lambda function when a resource is missing the cost center tag.
Explanation:
Correct Answer: B
Why Option B is correct:
Why other options are incorrect:
Option A: SCPs (Service Control Policies) are preventative controls that can deny actions, but they cannot automatically tag resources. SCPs can enforce tagging policies but cannot query databases or apply tags dynamically based on user information.
Option C: Using a scheduled rule to invoke a CloudFormation stack doesn't make sense for real-time tagging. CloudFormation stacks are for infrastructure deployment, not for real-time event-driven tagging. Scheduled rules would only run at specific intervals, not immediately when resources are created.
Option D: Tagging resources with a default value doesn't meet the requirement to tag each resource with the cost center ID of the user who created it. The solution needs to look up the specific cost center from the RDS database.
Key AWS Services Used:
Architecture Flow:
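The event-driven flow that option B describes, sketched as an added example (not code from the original page): a handler receives a CloudTrail event through EventBridge, resolves the creating user, looks up the cost center and tags the new resource. Assumptions: the `CostCenter` tag key, a dictionary standing in for the RDS lookup, an injected `tagger` callable in place of the real tagging API call, and only `RunInstances` and `CreateBucket` handled.

```python
# Added example; tag key, handled event names and sample data are assumptions.
TAG_KEY = "CostCenter"                    # assumed tag key
COST_CENTERS = {"alice": "CC-1042"}       # constructed stand-in for the RDS lookup
SAMPLE_EVENT = {                          # constructed EventBridge/CloudTrail event
    "detail-type": "AWS API Call via CloudTrail",
    "detail": {
        "eventName": "RunInstances", "awsRegion": "eu-west-1",
        "recipientAccountId": "111122223333",
        "userIdentity": {"type": "IAMUser", "userName": "alice"},
        "responseElements": {"instancesSet": {"items": [{"instanceId": "i-0abc1234def567890"}]}},
    },
}

def creator_of(detail):
    """Return the user name behind a CloudTrail userIdentity, or None."""
    ident = detail.get("userIdentity", {})
    if ident.get("type") == "IAMUser":
        return ident.get("userName")
    if ident.get("type") == "AssumedRole":
        # arn:aws:sts::<acct>:assumed-role/<role>/<session>; the session name
        # identifies the user only if the identity provider sets it that way.
        parts = ident.get("arn", "").split("/")
        return parts[2] if len(parts) == 3 else None
    return None  # Root, AWSService, ...: no per-user cost center

def created_arns(detail):
    """Build ARNs for the resources created by the two handled event names."""
    region, acct = detail.get("awsRegion"), detail.get("recipientAccountId")
    if detail.get("eventName") == "RunInstances":
        items = (detail.get("responseElements") or {}).get("instancesSet", {}).get("items", [])
        return [f"arn:aws:ec2:{region}:{acct}:instance/{i['instanceId']}" for i in items]
    if detail.get("eventName") == "CreateBucket":
        return [f"arn:aws:s3:::{detail['requestParameters']['bucketName']}"]
    return []

def handle(event, lookup, tagger):
    """Tag created resources with the creator's cost center; never use a default."""
    detail = event.get("detail", {})
    if detail.get("errorCode"):           # failed API call: nothing was created
        return {"status": "skipped", "reason": "api call failed"}
    arns = created_arns(detail)
    if not arns:
        return {"status": "skipped", "reason": "unsupported event"}
    user = creator_of(detail)
    cost_center = lookup(user) if user else None
    if cost_center is None:               # report for follow-up instead of guessing
        return {"status": "unmapped", "user": user, "arns": arns}
    tagger(arns, {TAG_KEY: cost_center})  # in Lambda: a call to a tagging API
    return {"status": "tagged", "arns": arns, "tags": {TAG_KEY: cost_center}}
```

Returning `unmapped` rather than applying a fallback value keeps the behaviour distinct from option D, where every resource receives the same default tag.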