Which solution meets these requirements?

By:
In: SOA-C01
Tagged:
With: 1 Comment
A company’s audit shows that users have been changing cost-related tags on Amazon EC2 instances after deployment.The company has an organization inAWS Organizations with many AWS accounts.The company needs a solution to detect the EC2 instances automatically.The solution must require the least possible operational overhead.

Which solution meets these requirements?

Use service control policies (SCPs) to track EC2 instances that do not have the required tags.

Use Amazon Inspector to run a report to identify EC2 instances that do not have the required tags.

Use an AWS Config rule to track EC2 instances that do not have the required tags.

Use AWS Well-Architected Tool (AWS WA Tool) to run a report to identify EC2 instances that do not have the required tags.

Explanations:

SCPs in AWS Organizations are used to control which actions can be performed on AWS resources, but they do not track or audit resource tags. SCPs cannot automatically detect changes to EC2 tags after deployment.

Amazon Inspector is designed to perform security assessments on AWS resources, not to track or report on the presence of specific tags on EC2 instances. It does not serve the purpose of tracking cost-related tags.

AWS Config allows you to create rules that track resource configurations, including tags on EC2 instances. This is an automated solution that requires minimal operational overhead, as AWS Config continuously monitors resource states.

AWS Well-Architected Tool focuses on providing best practices for building secure, high-performing, and cost-effective cloud architectures. It does not provide a solution for tracking specific resource tags on EC2 instances.

2025-09-29

1 Comment

  1. Anthony
    Author

    I estimate that the answer is:
    Use an AWS Config rule to track EC2 instances that do not have the required tags.

Leave a Reply

Your email address will not be published. Required fields are marked *

20 − twelve =