Learn how to effectively manage AWS resources by implementing tag policies and Service Control Policies (SCPs) in AWS Organizations. Understand the importance of tagging and how to enforce tag usage across your organization.
Table of Contents
Question
A company is designing an AWS Organizations structure. The company wants to standardize a process to apply tags across the entire organization. The company will require tags with specific values when a user creates a new resource. Each of the company’s OUs will have unique tag values.
Which solution will meet these requirements?
A. Use an SCP to deny the creation of resources that do not have the required tags. Create a tag policy that includes the tag values that the company has assigned to each OU. Attach the tag policies to the OUs.
B. Use an SCP to deny the creation of resources that do not have the required tags. Create a tag policy that includes the tag values that the company has assigned to each OU. Attach the tag policies to the organization’s management account.
C. Use an SCP to allow the creation of resources only when the resources have the required tags. Create a tag policy that includes the tag values that the company has assigned to each OU. Attach the tag policies to the OUs.
D. Use an SCP to deny the creation of resources that do not have the required tags. Define the list of tags. Attach the SCP to the OUs.
Answer
A. Use an SCP to deny the creation of resources that do not have the required tags. Create a tag policy that includes the tag values that the company has assigned to each OU. Attach the tag policies to the OUs.
Explanation
AWS Organizations allows you to centrally manage and enforce policies for multiple AWS accounts. Service Control Policies (SCPs) are a type of organization policy that you can use to manage permissions in your organization. SCPs offer central control over the maximum available permissions for all accounts in your organization, allowing you to ensure your accounts stay within your organization’s access control guidelines.
In this case, the company wants to standardize a process to apply tags across the entire organization and require tags with specific values when a user creates a new resource. Each of the company’s Organizational Units (OUs) will have unique tag values.
To meet these requirements, the company can use an SCP to deny the creation of resources that do not have the required tags. This ensures that any new resources created must have the required tags.
Next, the company can create a tag policy that includes the tag values that the company has assigned to each OU. Tag policies help you manage tags and define how they can be used on AWS resources within your organization.
Finally, the company can attach the tag policies to the OUs. This ensures that the tag policies are applied to the resources within the respective OUs, and each OU will have its unique tag values as required.
Amazon AWS Certified Solutions Architect – Professional SAP-C02 certification exam practice question and answer (Q&A) dump with detail explanation and reference available free, helpful to pass the Amazon AWS Certified Solutions Architect – Professional SAP-C02 exam and earn Amazon AWS Certified Solutions Architect – Professional SAP-C02 certification.