Exam AWS Certified Solutions Architect - Associate SAA-C03 topic 1 question 653 discussion

I'm not sure, but I think this question is from professional solution architect question pool. Please have a look at this one as well. https://www.examtopics.com/discussions/amazon/view/112780-exam-aws-certified-solutions-architect-professional-sap-c02/

A policy cannot look up "the cost center ID of the user who created the resource", we need Lambda to do that. Thus A is out. C would work but runs on a schedule which doesn't make sense (and we would temporarily have untagged resources). D tags resources "with a default value" which is not what we want.

SCP can not be used to Tag resources

B is my choice

The best solution that meets all the requirements is option B. Here's why: It can tag all resources created in a specific AWS account within the organization. It uses a Lambda function to look up the appropriate cost center from the RDS database, ensuring accurate tagging. The EventBridge rule reacting to CloudTrail events ensures that resources are tagged as they are created. This approach can dynamically tag each resource with the cost center ID of the user who created it.

I will vote for A

We need a solution, to automatically tag, also the existing resources. A,C, are more or less working solutions for new resources, but neither can do the tagging of existing resources. D would add a default tag instead of the specific CC.

A is right https://docs.aws.amazon.com/ko_kr/organizations/latest/userguide/orgs_tagging_abac.html

Answer is A, SCP handles the assignment, no need for a Lambda function, that's unnecessary t seems like Service Control Policies (SCPs) SCPs are a policy type that you can utilize to manage permissions across accounts in your AWS Organization. Using SCPs lets you ensure that your accounts stay within your organization’s access control guidelines. SCPs can be used along-side tag policies to ensure that the tags are applied at the resource creation time and remain attached to the resource.

the company still maintains the RDS, nowhere was asked to drop using it, therefore we shall use a solution that takes advantages of it.

I also choose A.

Company have Organization. A specific AWS account need to ensure all resources were tagged. Move this specific AWS account under the company OU, use SCP to enforce top down policies that every member account to adhere. Answer A.

sorry, i would choose B. because it allows you to tag resources as they are created, without requiring you to move existing resources.

This solution is the best way to meet the requirements of the company. It ensures that all resources in the specific AWS account are tagged with the cost center ID of the user who created the resource. It also allows the company to easily manage and enforce compliance with its tagging policies.

Create an AWS Lambda function to tag the resources after the Lambda function looks up the appropriate cost center from the RDS database. Configure an Amazon EventBridge rule that reacts to AWS CloudTrail events to invoke the Lambda function.

This solution utilizes AWS Lambda and Amazon EventBridge to automate the tagging process based on information from the RDS database and CloudTrail events. AWS Lambda Function: Create a Lambda function that can look up the cost center information from the RDS database and tag resources accordingly. Amazon EventBridge Rule: Set up an EventBridge rule to react to AWS CloudTrail events. The rule triggers the Lambda function whenever a resource is created, allowing dynamic tagging based on the cost center associated with the user in the RDS database. This solution provides automation, ensuring that resources are tagged appropriately with the cost center ID of the user who created the resource. It also allows for flexibility in updating cost center information without modifying the infrastructure.