Which solution meets these requirements?
Use service control policies (SCPs) to track EC2 instances that do not have the required tags.
Use Amazon Inspector to run a report to identify EC2 instances that do not have the required tags.
Use an AWS Config rule to track EC2 instances that do not have the required tags.
Use AWS Well-Architected Tool (AWS WA Tool) to run a report to identify EC2 instances that do not have the required tags.
Explanations:
SCPs in AWS Organizations are used to control which actions can be performed on AWS resources, but they do not track or audit resource tags. SCPs cannot automatically detect changes to EC2 tags after deployment.
Amazon Inspector is designed to perform security assessments on AWS resources, not to track or report on the presence of specific tags on EC2 instances. It does not serve the purpose of tracking cost-related tags.
AWS Config allows you to create rules that track resource configurations, including tags on EC2 instances. This is an automated solution that requires minimal operational overhead, as AWS Config continuously monitors resource states.
AWS Well-Architected Tool focuses on providing best practices for building secure, high-performing, and cost-effective cloud architectures. It does not provide a solution for tracking specific resource tags on EC2 instances.