Topic 1 Question 113
Select 3
A company is developing and hosting several projects in the AWS Cloud. The projects are developed across multiple AWS accounts under the same organization in AWS Organizations. The company requires the cost for cloud infrastructure to be allocated to the owning project. The team responsible for all of the AWS accounts has discovered that several Amazon EC2 instances are lacking the Project tag used for cost allocation.
Which actions should a solutions architect take to resolve the problem and prevent it from happening in the future?
A. Create an AWS Config rule in each account to find resources with missing tags.
B. Create an SCP in the organization with a deny action for ec2:RunInstances if the Project tag is missing.
C. Use Amazon Inspector in the organization to find resources with missing tags.
D. Create an IAM policy in each account with a deny action for ec2:RunInstances if the Project tag is missing.
E. Create an AWS Config aggregator for the organization to collect a list of EC2 instances with the missing Project tag.
F. Use AWS Security Hub to aggregate a list of EC2 instances with the missing Project tag.
Comments (14)
- Selected answer: ABE
If a Config rule is added (A), it can be seen in the AWS Config aggregator (E). Using an SCP, as an AWS organization is used here in the question. So, A, B, E.
👍 3 God_Is_Love 2023/03/06
- Selected answer: BDE
The correct answer is BDE.
B: Creating an SCP (Service Control Policy) in the organization with a deny action for ec2:RunInstances if the Project tag is missing will prevent developers from launching instances without the necessary tag. This is a good option because it will prevent the problem from happening again in the future.
D: Creating an IAM policy in each account with a deny action for ec2:RunInstances if the Project tag is missing will also prevent developers from launching instances without the necessary tag. This is a good option because it will prevent the problem from happening again in the future.
E: Creating an AWS Config aggregator for the organization to collect a list of EC2 instances with the missing Project tag will help the team identify which instances are missing the tag, so they can take action to add the tag. This is a good option because it will help resolve the problem that has already happened and also help the team identify any instances that are not compliant with the company's tagging policy.
👍 2 masetromain 2023/01/15
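The preventive control described in option B, written out as an added example (not from the original page or its commenters): a service control policy that denies ec2:RunInstances when the request carries no Project tag. The Sid is a constructed name, and scoping the Resource to the instance ARN is an assumption so that the other resources created by the same call (volumes, network interfaces) are not evaluated against the tag condition.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "DenyRunInstancesWithoutProjectTag",
      "Effect": "Deny",
      "Action": "ec2:RunInstances",
      "Resource": "arn:aws:ec2:*:*:instance/*",
      "Condition": {
        "Null": {
          "aws:RequestTag/Project": "true"
        }
      }
    }
  ]
}
```

An SCP only applies to member accounts it is attached to (directly or through an OU or the root) and does not restrict the organization's management account. It also blocks only new launches, so the instances that are already untagged still have to be found with a detective control such as the AWS Config options in the question.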