Which solution will meet these requirements with the LEAST operational overhead?
Create a custom AWS Lambda function to evaluate and remediate all DynamoDB tables. Create an Amazon EventBridge scheduled rule to invoke the Lambda function.
Create a custom AWS Lambda function to evaluate and remediate all DynamoDB tables. Create an AWS Config custom rule to invoke the Lambda function.
Use the required-tags AWS Config managed rule to evaluate all DynamoDB tables for the appropriate tags. Configure an automatic remediation action that uses an AWS Systems Manager Automation custom runbook.
Create an Amazon EventBridge managed rule to evaluate all DynamoDB tables for the appropriate tags. Configure the EventBridge rule to run an AWS Systems Manager Automation custom runbook for remediation.
Explanations:
Although this option can evaluate and remediate tags, it requires custom code and periodic scheduling, which increases operational overhead compared to managed services.
AWS Config custom rules can evaluate compliance, but creating a custom rule and Lambda function requires more management effort compared to using managed rules.
The required-tags AWS Config managed rule directly evaluates DynamoDB tables for missing tags, and AWS Systems Manager Automation can automate remediation with low overhead.
Amazon EventBridge cannot directly evaluate resource tags. This option requires more setup and does not leverage AWS Config’s native tag compliance capabilities.