Which strategy should the solutions architect provide to meet these requirements?
A. Use Tag Editor to tag existing resources. Create cost allocation tags to define the cost center and project ID and allow 24 hours for tags to propagate to existing resources.
B. Use an AWS Config rule to alert the finance team of untagged resources. Create a centralized AWS Lambda based solution to tag untagged RDS databases and DynamoDB resources every hour using a cross-account role.
C. Use Tag Editor to tag existing resources. Create cost allocation tags to define the cost center and project ID. Use SCPs to restrict the creation of resources that do not have the cost center and project ID on the resource.
D. Create cost allocation tags to define the cost center and project ID and allow 24 hours for tags to propagate to existing resources. Update existing federated roles to restrict privileges to provision resources that do not include the cost center and project ID on the resource.
Explanations:
A. While using Tag Editor to tag existing resources is a good initial step, this option does not enforce future compliance for all resources created in development and production accounts. Without a mechanism to ensure new resources are tagged with cost center and project ID at creation, ongoing issues with untagged resources may persist.
B. This approach provides a way to identify untagged resources using AWS Config rules and creates a Lambda function for tagging, but it does not ensure that resources are tagged at creation. It is reactive rather than proactive, as it addresses existing untagged resources rather than preventing the creation of untagged ones.
C. This option combines tagging existing resources with creating cost allocation tags and uses Service Control Policies (SCPs) to prevent the creation of new resources that do not have the required tags. This ensures compliance across the organization and provides a proactive approach to managing tagging for future resources.
D. Like Option A, this option addresses tagging existing resources, and it proposes updating federated roles to restrict resource provisioning, but it lacks a robust mechanism like SCPs to enforce consistent tagging at the time of resource creation. This could lead to non-compliance if roles are not adequately managed or enforced.