Question
A company wants to track its expenditures for Amazon EC2 and Amazon RDS within AWS. The company decides to implement more rigorous tagging requirements for resources in its AWS accounts. A SysOps administrator needs to identify all noncompliant resources. What is the MOST operationally efficient solution that meets this requirement?
A. Create a rule in Amazon EventBridge that invokes a custom AWS Lambda function that will evaluate all created or updated resources for the specified tags.
B. Create a rule in AWS Config that invokes a custom AWS Lambda function that will evaluate all resources for the specified tags.
C. Create a rule in AWS Config with the required-tags managed rule to evaluate all resources for the specified tags.
D. Create a rule in Amazon EventBridge with a managed rule to evaluate all created or updated resources for the specified tags.
Answer
C. Create a rule in AWS Config with the required-tags managed rule to evaluate all resources for the specified tags.
Explanation
The correct answer is C. Create a rule in AWS Config with the required-tags managed rule to evaluate all resources for the specified tags.
AWS Config is a service that enables you to assess, audit, and evaluate the configurations of your AWS resources. It can help you to track changes, monitor compliance, and troubleshoot issues. AWS Config also provides a set of predefined rules, called managed rules, that can check whether your resources comply with common best practices and standards. One of these managed rules is the required-tags rule, which checks whether your resources have the tags that you specify. You can use this rule to identify all noncompliant resources that do not have the required tags.
To use this rule, you need to create a rule in AWS Config and select the required-tags rule from the list of managed rules. You also need to specify the tag keys and values that you want to check for, as well as the resource types that you want to evaluate. You can also configure other settings, such as the frequency of evaluation, the remediation action, and the notifications. Once you create the rule, AWS Config will start evaluating your resources and report the compliance status in the AWS Config console or API.
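The same setup done through the API, as an added example that is not part of the original explanation: it builds the rule definition for the REQUIRED_TAGS managed rule scoped to EC2 instances and RDS DB instances, then collects the resources the rule reports as noncompliant. The tag keys and values, the rule name, and the function names are assumptions made for illustration.

```python
import json

# Constructed tag policy for illustration; the question does not name the tags.
REQUIRED = {"CostCenter": None, "Environment": "prod,dev,test"}
RESOURCE_TYPES = ["AWS::EC2::Instance", "AWS::RDS::DBInstance"]


def build_rule(name, required, resource_types):
    """Build the ConfigRule structure that PutConfigRule expects."""
    if not 1 <= len(required) <= 6:
        raise ValueError("required-tags checks between 1 and 6 tag keys")
    params = {}
    for i, (key, values) in enumerate(required.items(), start=1):
        params[f"tag{i}Key"] = key
        if values:  # optional comma-separated list of allowed values
            params[f"tag{i}Value"] = values
    return {
        "ConfigRuleName": name,
        "Scope": {"ComplianceResourceTypes": list(resource_types)},
        "Source": {"Owner": "AWS", "SourceIdentifier": "REQUIRED_TAGS"},
        "InputParameters": json.dumps(params),  # the API takes a JSON string
    }


def noncompliant(pages):
    """Return sorted (type, id) pairs from GetComplianceDetailsByConfigRule pages."""
    found = set()
    for page in pages:
        for result in page.get("EvaluationResults", []):
            if result.get("ComplianceType") != "NON_COMPLIANT":
                continue
            q = result["EvaluationResultIdentifier"]["EvaluationResultQualifier"]
            found.add((q["ResourceType"], q["ResourceId"]))
    return sorted(found)


def deploy_and_report(name="required-cost-tags"):
    """Create the rule, then list what it currently flags (needs AWS credentials)."""
    import boto3  # imported here so the helpers above work offline
    config = boto3.client("config")
    config.put_config_rule(ConfigRule=build_rule(name, REQUIRED, RESOURCE_TYPES))
    pager = config.get_paginator("get_compliance_details_by_config_rule")
    return noncompliant(pager.paginate(ConfigRuleName=name,
                                       ComplianceTypes=["NON_COMPLIANT"]))


if __name__ == "__main__":
    for rtype, rid in deploy_and_report():
        print(rtype, rid)
```

The AWS Config recorder must already be recording these resource types, and results appear only after the first evaluation finishes, so a call made immediately after creating the rule can return an empty list.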
This solution is the most operationally efficient one, as it does not require you to write any custom code or use any additional services. It also leverages the existing functionality and scalability of AWS Config and its managed rules.
The other options are not correct for the following reasons:
A. Create a rule in Amazon EventBridge that invokes a custom AWS Lambda function that will evaluate all created or updated resources for the specified tags.
This option is not operationally efficient, as it requires you to write and maintain a custom Lambda function that will perform the tag evaluation logic. It also does not cover all existing resources, only those that are created or updated after the rule is created. Moreover, it does not leverage the existing functionality and scalability of AWS Config and its managed rules.
B. Create a rule in AWS Config that invokes a custom AWS Lambda function that will evaluate all resources for the specified tags.
This option is not operationally efficient, as it requires you to write and maintain a custom Lambda function that will perform the tag evaluation logic. It also does not leverage the existing functionality and scalability of AWS Config and its managed rules, especially the required-tags rule that already does what you need.
D. Create a rule in Amazon EventBridge with a managed rule to evaluate all created or updated resources for the specified tags.
This option is not correct, as Amazon EventBridge does not provide any managed rules for tag evaluation. Amazon EventBridge is a service that enables you to connect your applications with data from various sources, such as AWS services, SaaS applications, or custom applications. It can help you to trigger actions based on events, such as invoking Lambda functions, sending messages, or updating databases. However, it does not provide any built-in functionality for checking resource compliance or configuration.