
Answer-first summary for fast verification
Answer: Create an AWS Lambda function to tag the resources after the Lambda function looks up the appropriate cost center from the RDS database. Configure an Amazon EventBridge rule that reacts to AWS CloudTrail events to invoke the Lambda function.
## Explanation

**Correct Answer: B**

**Why Option B is correct:**

1. **Real-time tagging**: The solution uses EventBridge rules that react to CloudTrail events, which capture API calls when resources are created. This enables real-time tagging as soon as resources are created.
2. **Dynamic cost center lookup**: The Lambda function can query the RDS database to determine the appropriate cost center ID for the user who created the resource, ensuring accurate tagging based on the actual user.
3. **Automated process**: The solution automatically tags resources without manual intervention.
4. **Specific account targeting**: The solution can be deployed in the specific AWS account mentioned in the requirements.

**Why other options are incorrect:**

**Option A**: SCPs (Service Control Policies) are preventative controls that can deny actions, but they cannot automatically tag resources. SCPs can enforce tagging policies but cannot query databases or apply tags dynamically based on user information.

**Option C**: Using a scheduled rule to invoke a CloudFormation stack doesn't make sense for real-time tagging. CloudFormation stacks are for infrastructure deployment, not for real-time event-driven tagging. Scheduled rules would only run at specific intervals, not immediately when resources are created.

**Option D**: Tagging resources with a default value doesn't meet the requirement to tag each resource with the cost center ID of the user who created it. The solution needs to look up the specific cost center from the RDS database.

**Key AWS Services Used:**

- **AWS Lambda**: Serverless compute to execute tagging logic
- **Amazon EventBridge**: Event bus to capture CloudTrail events
- **AWS CloudTrail**: Logs API calls including resource creation events
- **Amazon RDS**: Database storing user-to-cost-center mappings

**Architecture Flow:**

1. User creates a resource → CloudTrail logs the API call
2. EventBridge rule triggers on the CloudTrail event
3. Lambda function is invoked with event details
4. Lambda queries RDS database for user's cost center
5. Lambda applies the appropriate cost center tag to the resource
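The architecture flow above, sketched for a single event type (`ec2:RunInstances`) as an added example; it is not code from the quiz or from AWS. The `CostCenter` tag key, the `user_cost_center` table and its columns, and the SQLite connection standing in for the RDS database are assumptions.

```python
TAG_KEY = "CostCenter"  # assumed tag key; the question does not name one

# Constructed EventBridge event ("AWS API Call via CloudTrail") for ec2:RunInstances.
SAMPLE_EVENT = {
    "detail-type": "AWS API Call via CloudTrail",
    "source": "aws.ec2",
    "account": "111122223333",
    "region": "us-east-1",
    "detail": {
        "eventName": "RunInstances",
        "userIdentity": {"type": "IAMUser", "userName": "alice"},
        "responseElements": {"instancesSet": {"items": [{"instanceId": "i-0abc1234567890def"}]}},
    },
}

def creator_of(detail):
    """Principal that made the call: IAM user name, or role session name."""
    ident = detail.get("userIdentity", {})
    if ident.get("type") == "IAMUser":
        return ident.get("userName")
    if ident.get("type") == "AssumedRole":
        # arn:aws:sts::<account>:assumed-role/<role>/<session-name>
        return ident.get("arn", "").rpartition("/")[2] or None
    return None

def created_arns(event):
    """ARNs of the instances returned by a successful RunInstances call."""
    resp = event["detail"].get("responseElements") or {}  # null when the call failed
    items = resp.get("instancesSet", {}).get("items", [])
    return [f"arn:aws:ec2:{event['region']}:{event['account']}:instance/{i['instanceId']}" for i in items]

def lookup_cost_center(db, user):
    """Parameterized lookup (sqlite3 '?' style; MySQL/PostgreSQL drivers use '%s')."""
    row = db.execute("SELECT cost_center_id FROM user_cost_center WHERE user_name = ?", (user,)).fetchone()
    return row[0] if row else None

def handler(event, db, tagger):
    """tagger: a boto3 'resourcegroupstaggingapi' client in Lambda, a fake in tests."""
    if event["detail"].get("eventName") != "RunInstances":
        return None
    arns = created_arns(event)
    cost_center = lookup_cost_center(db, creator_of(event["detail"]))
    if not arns or cost_center is None:
        return None  # nothing was created, or the creator has no mapping row
    tagger.tag_resources(ResourceARNList=arns, Tags={TAG_KEY: cost_center})
    return {"arns": arns, "tags": {TAG_KEY: cost_center}}
```

For assumed-role callers the session name is only as trustworthy as the policy governing who may set it, so the mapping table should key on whatever principal identifier the account actually enforces.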
Author: LeetQuiz Editorial Team
A company maintains an Amazon RDS database that maps users to cost centers. The company has accounts in an organization in AWS Organizations. The company needs a solution that will tag all resources that are created in a specific AWS account in the organization. The solution must tag each resource with the cost center ID of the user who created the resource.
Which solution will meet these requirements?
A
Move the specific AWS account to a new organizational unit (OU) in Organizations from the management account. Create a service control policy (SCP) that requires all existing resources to have the correct cost center tag before the resources are created. Apply the SCP to the new OU.
B
Create an AWS Lambda function to tag the resources after the Lambda function looks up the appropriate cost center from the RDS database. Configure an Amazon EventBridge rule that reacts to AWS CloudTrail events to invoke the Lambda function.
C
Create an AWS CloudFormation stack to deploy an AWS Lambda function. Configure the Lambda function to look up the appropriate cost center from the RDS database and to tag resources. Create an Amazon EventBridge scheduled rule to invoke the CloudFormation stack.
D
Create an AWS Lambda function to tag the resources with a default value. Configure an Amazon EventBridge rule that reacts to AWS CloudTrail events to invoke the Lambda function when a resource is missing the cost center tag.