Which solution will meet these requirements?
Write API calls to describe the EBS volumes and to confirm the EBS volumes are encrypted. Use Amazon EventBridge to schedule an AWS Lambda function to run the API calls.
Write API calls to describe the EBS volumes and to confirm the EBS volumes are encrypted. Run the API calls on an AWS Fargate task.
Create an AWS Identity and Access Management (IAM) policy that requires the use of tags on EBS volumes. Use AWS Cost Explorer to display resources that are not properly tagged. Encrypt the untagged resources manually.
Create an AWS Config rule for Amazon EBS to evaluate if a volume is encrypted and to flag the volume if it is not encrypted.
Explanations:
While using API calls with AWS Lambda and Amazon EventBridge can automate the checking process, it requires custom code and setup, which may increase configuration effort and maintenance costs.
Similar to option A, running API calls on AWS Fargate would require more configuration and management overhead than necessary for a straightforward compliance check.
An IAM policy enforcing tagging does not directly check for encryption and relies on manual intervention for untagged resources. This does not provide an automated or standardized approach to EBS encryption.
AWS Config rules provide a built-in, automated method to evaluate compliance for EBS volume encryption, reducing configuration efforts and ensuring continuous monitoring without manual intervention.
I evaluate that the answer is:
Create an AWS Config rule for Amazon EBS to evaluate if a volume is encrypted and to flag the volume if it is not encrypted.
I have a feeling that the answer is:
Create an AWS Config rule for Amazon EBS to evaluate if a volume is encrypted and to flag the volume if it is not encrypted.