Which strategy should the solutions architect provide to meet these requirements?
Use Tag Editor to tag existing resources. Create cost allocation tags to define the cost center and project ID and allow 24 hours for tags to propagate to existing resources.
Use an AWS Config rule to alert the finance team of untagged resources. Create a centralized AWS Lambda based solution to tag untagged RDS databases and DynamoDB resources every hour using a cross-account role.
Use Tag Editor to tag existing resources. Create cost allocation tags to define the cost center and project ID. Use SCPs to restrict the creation of resources that do not have the cost center and project ID on the resource.
Create cost allocation tags to define the cost center and project ID and allow 24 hours for tags to propagate to existing resources. Update existing federated roles to restrict privileges to provision resources that do not include the cost center and project ID on the resource.
Explanations:
Tag Editor can be used to apply tags to existing resources, but using cost allocation tags to define cost center and project ID alone will not enforce the tagging on future resources. The 24-hour propagation delay and lack of enforcement are limitations in this approach.
While using AWS Config to alert for untagged resources and Lambda to automate tagging sounds useful, it requires significant custom automation, and it does not ensure that tags are applied at resource creation or prevent the creation of untagged resources in the first place.
Tag Editor can be used to tag existing resources, and cost allocation tags can define the necessary cost center and project ID. Using SCPs (Service Control Policies) to enforce tagging requirements at the time of resource creation ensures future compliance. This is the most complete solution for visibility and enforcement.
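The following Service Control Policy is an added example of the enforcement mechanism described above; it is not part of the original question or explanation. The tag keys CostCenter and ProjectId, and the set of create actions covered, are assumptions chosen for illustration. The policy denies selected create calls whose request carries no value for a required tag (the aws:RequestTag condition key is absent, so the Null test is true) and also blocks removal of those tags once a resource exists.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "DenyCreateWithoutCostCenter",
      "Effect": "Deny",
      "Action": [
        "ec2:RunInstances",
        "rds:CreateDBInstance",
        "rds:CreateDBCluster",
        "dynamodb:CreateTable"
      ],
      "Resource": [
        "arn:aws:ec2:*:*:instance/*",
        "arn:aws:ec2:*:*:volume/*",
        "arn:aws:rds:*:*:db:*",
        "arn:aws:rds:*:*:cluster:*",
        "arn:aws:dynamodb:*:*:table/*"
      ],
      "Condition": {
        "Null": { "aws:RequestTag/CostCenter": "true" }
      }
    },
    {
      "Sid": "DenyCreateWithoutProjectId",
      "Effect": "Deny",
      "Action": [
        "ec2:RunInstances",
        "rds:CreateDBInstance",
        "rds:CreateDBCluster",
        "dynamodb:CreateTable"
      ],
      "Resource": [
        "arn:aws:ec2:*:*:instance/*",
        "arn:aws:ec2:*:*:volume/*",
        "arn:aws:rds:*:*:db:*",
        "arn:aws:rds:*:*:cluster:*",
        "arn:aws:dynamodb:*:*:table/*"
      ],
      "Condition": {
        "Null": { "aws:RequestTag/ProjectId": "true" }
      }
    },
    {
      "Sid": "DenyRemovingRequiredTags",
      "Effect": "Deny",
      "Action": [
        "ec2:DeleteTags",
        "rds:RemoveTagsFromResource",
        "dynamodb:UntagResource"
      ],
      "Resource": "*",
      "Condition": {
        "ForAnyValue:StringEquals": {
          "aws:TagKeys": ["CostCenter", "ProjectId"]
        }
      }
    }
  ]
}
```

Two points a practitioner should check before relying on this: the aws:RequestTag condition only takes effect for API actions that accept tags in the create request (tag-on-create), so each action listed must support it or the Deny will block every call; and an SCP never applies to the organization's management account and never changes resources that already exist, which is why Tag Editor is still needed for the existing untagged fleet. Each required tag gets its own Deny statement because multiple keys inside one Null condition are ANDed, which would only deny when both tags are missing.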
Although using cost allocation tags is part of the solution, updating federated roles to restrict resource provisioning based on tags does not scale well and is less efficient compared to enforcing it with SCPs. This approach also doesn’t fully address existing untagged resources.