Amazon Associate: What is the Most Efficient Way to Enforce Tagging Requirements for DynamoDB Tables in AWS?

Learn the best solution for identifying and remediating Amazon DynamoDB tables that lack appropriate tags, with the least operational overhead, using AWS Config and Systems Manager Automation.

Question

A company needs to enforce tagging requirements for Amazon DynamoDB tables in its AWS accounts. A SysOps administrator must implement a solution to identify and remediate all DynamoDB tables that do not have the appropriate tags.

Which solution will meet these requirements with the LEAST operational overhead?

A. Create a custom AWS Lambda function to evaluate and remediate all DynamoDB tables. Create an Amazon EventBridge scheduled rule to invoke the Lambda function.
B. Create a custom AWS Lambda function to evaluate and remediate all DynamoDB tables. Create an AWS Config custom rule to invoke the Lambda function.
C. Use the required-tags AWS Config managed rule to evaluate all DynamoDB tables for the appropriate tags. Configure an automatic remediation action that uses an AWS Systems Manager Automation custom runbook.
D. Create an Amazon EventBridge managed rule to evaluate all DynamoDB tables for the appropriate tags. Configure the EventBridge rule to run an AWS Systems Manager Automation custom runbook for remediation.

Answer

C. Use the required-tags AWS Config managed rule to evaluate all DynamoDB tables for the appropriate tags. Configure an automatic remediation action that uses an AWS Systems Manager Automation custom runbook.

Explanation

AWS Config provides a managed rule called “required-tags” that allows you to specify which tags are required for your resources, including DynamoDB tables. This rule will automatically evaluate all DynamoDB tables and identify those that do not have the appropriate tags.

To automate the remediation process with the least operational overhead, you can configure an automatic remediation action for the “required-tags” rule. This action will trigger an AWS Systems Manager Automation custom runbook whenever a non-compliant resource is detected. The custom runbook can be designed to automatically add the missing tags to the identified DynamoDB tables.

This solution leverages the built-in capabilities of AWS Config and Systems Manager Automation, reducing the need for custom Lambda functions and minimizing operational overhead. EventBridge rules (Option D) are not directly suitable for evaluating resource configurations and are better suited for event-driven architectures.

By using AWS Config managed rules and Systems Manager Automation, you can efficiently enforce tagging requirements for your DynamoDB tables and ensure consistent compliance across your AWS accounts.
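The following is an added example, not part of the original question or any AWS sample. It builds the request bodies for the AWS Config `put_config_rule` and `put_remediation_configurations` calls that option C describes, and mirrors the rule's tag check locally on constructed tables. The rule name, runbook name, runbook parameter names, role ARN, tag policy and table data are all assumptions.

```python
import json

RULE_NAME = "dynamodb-required-tags"   # assumed rule name
RUNBOOK = "Custom-TagDynamoDBTable"    # hypothetical custom Automation runbook
ROLE_ARN = "arn:aws:iam::111122223333:role/EXAMPLE-remediation-role"  # placeholder
REQUIRED = {"CostCenter": None, "Environment": ["prod", "dev"]}  # constructed policy

def config_rule(required):
    """Body for put_config_rule using the required-tags managed rule."""
    params = {}
    for i, (key, allowed) in enumerate(required.items(), start=1):
        params[f"tag{i}Key"] = key                     # tag key must exist
        if allowed:
            params[f"tag{i}Value"] = ",".join(allowed)  # optional allowed values
    return {
        "ConfigRuleName": RULE_NAME,
        "Source": {"Owner": "AWS", "SourceIdentifier": "REQUIRED_TAGS"},
        "Scope": {"ComplianceResourceTypes": ["AWS::DynamoDB::Table"]},
        "InputParameters": json.dumps(params),
    }

def remediation_config():
    """One entry for put_remediation_configurations (automatic remediation)."""
    return {
        "ConfigRuleName": RULE_NAME,
        "TargetType": "SSM_DOCUMENT",
        "TargetId": RUNBOOK,
        "Automatic": True,
        "MaximumAutomaticAttempts": 3,
        "RetryAttemptSeconds": 60,
        "Parameters": {  # parameter names are defined by the hypothetical runbook
            "AutomationAssumeRole": {"StaticValue": {"Values": [ROLE_ARN]}},
            "ResourceId": {"ResourceValue": {"Value": "RESOURCE_ID"}},
        },
    }

def evaluate(tags, required):
    """Local mirror of the check: key present, value in allowed list if given."""
    ok = all(k in tags and (not allowed or tags[k] in allowed)
             for k, allowed in required.items())
    return "COMPLIANT" if ok else "NON_COMPLIANT"

TABLES = {  # constructed sample tables and their tags
    "orders": {"CostCenter": "1234", "Environment": "prod"},
    "sessions": {"CostCenter": "1234", "Environment": "test"},
    "scratch": {},
}
REPORT = {name: evaluate(tags, REQUIRED) for name, tags in TABLES.items()}
```

With boto3, the two dictionaries would be passed as `ConfigRule=config_rule(REQUIRED)` and `RemediationConfigurations=[remediation_config()]`; the role in `ROLE_ARN` should be limited to the tagging permissions the runbook needs.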

This is a practice question and answer, with a detailed explanation, for the Amazon AWS Certified SysOps Administrator – Associate certification exam.