AWS Certified Solutions Architect - Associate

Get started today

Ultimate access to all questions.

Deep dive into the quiz with AI chat providers.

We prepare a focused prompt with your quiz and certificate details so each AI can offer a more tailored, in-depth explanation.

A company maintains an Amazon RDS database that maps users to cost centers. The company has accounts in an organization in AWS Organizations. The company needs a solution that will tag all resources that are created in a specific AWS account in the organization. The solution must tag each resource with the cost center ID of the user who created the resource.

Which solution will meet these requirements?

Other

Community

UAnonymous

Last updated: February 23, 2026 at 11:39

Move the specific AWS account to a new organizational unit (OU) in Organizations from the management account. Create a service control policy (SCP) that requires all existing resources to have the correct cost center tag before the resources are created. Apply the SCP to the new OU.

Create an AWS Lambda function to tag the resources after the Lambda function looks up the appropriate cost center from the RDS database. Configure an Amazon EventBridge rule that reacts to AWS CloudTrail events to invoke the Lambda function.

Create an AWS CloudFormation stack to deploy an AWS Lambda function. Configure the Lambda function to look up the appropriate cost center from the RDS database and to tag resources. Create an Amazon EventBridge scheduled rule to invoke the CloudFormation stack.

Create an AWS Lambda function to tag the resources with a default value. Configure an Amazon EventBridge rule that reacts to AWS CloudTrail events to invoke the Lambda function when a resource is missing the cost center tag.

Explanation:

Explanation

Correct Answer: B

Why Option B is correct:

Real-time tagging: The solution uses EventBridge rules that react to CloudTrail events, which capture API calls when resources are created. This enables real-time tagging as soon as resources are created.
Dynamic cost center lookup: The Lambda function can query the RDS database to determine the appropriate cost center ID for the user who created the resource, ensuring accurate tagging based on the actual user.
Automated process: The solution automatically tags resources without manual intervention.
Specific account targeting: The solution can be deployed in the specific AWS account mentioned in the requirements.

Why other options are incorrect:

Option A: SCPs (Service Control Policies) are preventative controls that can deny actions, but they cannot automatically tag resources. SCPs can enforce tagging policies but cannot query databases or apply tags dynamically based on user information.

Option C: Using a scheduled rule to invoke a CloudFormation stack doesn't make sense for real-time tagging. CloudFormation stacks are for infrastructure deployment, not for real-time event-driven tagging. Scheduled rules would only run at specific intervals, not immediately when resources are created.

Option D: Tagging resources with a default value doesn't meet the requirement to tag each resource with the cost center ID of the user who created it. The solution needs to look up the specific cost center from the RDS database.

Key AWS Services Used:

AWS Lambda: Serverless compute to execute tagging logic
Amazon EventBridge: Event bus to capture CloudTrail events
AWS CloudTrail: Logs API calls including resource creation events
Amazon RDS: Database storing user-to-cost-center mappings

Architecture Flow:

User creates a resource → CloudTrail logs the API call
EventBridge rule triggers on the CloudTrail event
Lambda function is invoked with event details
Lambda queries RDS database for user's cost center
Lambda applies the appropriate cost center tag to the resource

Powered ByGPT-5.2

Comments

Loading comments...