ExpertAWS SAP-C02 · Question 48 · Domain 1.4: Multi-Account Environment
An enterprise has a strict compliance requirement: no Amazon EC2 instances can be launched without a specific set of tags (CostCenter and ProjectID). If a user attempts to launch an instance without these tags, the launch must be blocked immediately. How can the Solutions Architect enforce this across the entire AWS Organization?
An enterprise has a strict compliance requirement: no Amazon EC2 instances can be launched without a specific set of tags (CostCenter and ProjectID). If a user attempts to launch an instance without these tags, the launch must be blocked immediately. How can the Solutions Architect enforce this across the entire AWS Organization?
Answer options:
Use AWS Config with the required-tags managed rule and enable automatic remediation to terminate non-compliant instances.
Create a Service Control Policy (SCP) that denies ec2:RunInstances if the required tags are not present.
Use AWS CloudTrail to monitor for RunInstances events and trigger a Lambda function to stop the instance.
Configure Tag Policies in AWS Organizations to enforce the tags.
How to approach this question
Full Answer
Common mistakes
Practice the full AWS Solutions Architect Professional SAP-C02 Practice Exam 4
75 questions · hints · full answers · grading