exam questions

Exam AWS Certified Solutions Architect - Associate SAA-C03 All Questions

View all questions & answers for the AWS Certified Solutions Architect - Associate SAA-C03 exam

Exam AWS Certified Solutions Architect - Associate SAA-C03 topic 1 question 883 discussion

A company has deployed a multi-account strategy on AWS by using AWS Control Tower. The company has provided individual AWS accounts to each of its developers. The company wants to implement controls to limit AWS resource costs that the developers incur.

Which solution will meet these requirements with the LEAST operational overhead?

  • A. Instruct each developer to tag all their resources with a tag that has a key of CostCenter and a value of the developer's name. Use the required-tags AWS Config managed rule to check for the tag. Create an AWS Lambda function to terminate resources that do not have the tag. Configure AWS Cost Explorer to send a daily report to each developer to monitor their spending.
  • B. Use AWS Budgets to establish budgets for each developer account. Set up budget alerts for actual and forecast values to notify developers when they exceed or expect to exceed their assigned budget. Use AWS Budgets actions to apply a DenyAll policy to the developer's IAM role to prevent additional resources from being launched when the assigned budget is reached.
  • C. Use AWS Cost Explorer to monitor and report on costs for each developer account. Configure Cost Explorer to send a daily report to each developer to monitor their spending. Use AWS Cost Anomaly Detection to detect anomalous spending and provide alerts.
  • D. Use AWS Service Catalog to allow developers to launch resources within a limited cost range. Create AWS Lambda functions in each AWS account to stop running resources at the end of each work day. Configure the Lambda functions to resume the resources at the start of each work day.
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
sandordini
Highly Voted 11 months ago
Selected Answer: B
My first instinct says B, but Im concerned about the central management abilities of AWS Budgets. It seems that even though it is not planned to be used primarily to control other accounts its still possible: "You can use actions to define an explicit response that you want to take when a budget exceeds its action threshold. You can trigger these alerts on actual or forecasted cost and usage budgets. 1. The management account sets the budget and threshold for the member account using budget filters. 2. When the budget threshold is breached, a budget action applies a restrictive SCP on the OU. So hopefully B :D
upvoted 5 times
...
Scheldon
Highly Voted 10 months ago
Selected Answer: B
AnswerB https://docs.aws.amazon.com/cost-management/latest/userguide/budgets-controls.html Taking into consideration that AWS Budgets is allowing to will inform you that you exceeded budged and execute actions like for example IAM actions to prevent running new resources in cloud, I think this option is a good and resonable move. In case of need budged can be always increased and "chains" disabled.
upvoted 5 times
...
LeonSauveterre
Most Recent 2 months, 4 weeks ago
Selected Answer: B
A - Tags help monitor costs, and AWS Config can enforce tagging rules, but manually tagging is TOO MUCH WORK. B - Preventive (aka not reactive) cost control, good. Too provocative? Yeah, maybe. Developers might experience disruption if they hit their budget limits unexpectedly, and then the cost a little over the budget might not seem like a problem anymore... BUT this is actually a preventive approach with "the LEAST operational overhead". C - "Daily reports" might be too late. D - It can limit resource usage during non-working hours, but overall, you gotta deal with high operational overhead.
upvoted 1 times
LeonSauveterre
2 months, 4 weeks ago
The gist is, when you reach the limit, you must be stopped. It's the only way to prevent unexpected expenses. Reports, monitors, analyses, logs, charts, they DON'T work.
upvoted 1 times
...
...
MatAlves
6 months, 1 week ago
Selected Answer: B
As beautifully explained in this article: https://docs.aws.amazon.com/cost-management/latest/userguide/budgets-controls.html
upvoted 2 times
...
NSA_Poker
9 months, 2 weeks ago
Selected Answer: B
(A) is eliminated. 'send a daily report to each developer' can be ignored. (C) is eliminated. 'detect anomalous spending' won't stop the spending. (D) is eliminated. 'stop running resources at the end of each work day' won't stop developers from mining bitcoin ($$$) the next day. (B) is correct. 'actions to apply a DenyAll policy..' is the only solution that will 'implement controls to limit AWS resource costs that the developers incur.'
upvoted 3 times
MatAlves
6 months, 1 week ago
I'd definitely be mining bitcoin the next day...
upvoted 3 times
...
...
f07ed8f
10 months, 1 week ago
Selected Answer: C
Seem AWS Budgets does not have DenyAll function but only Apply a custom Deny IAM policy that restricts the ability for a user, group, or role to provision additional Amazon EC2 resources
upvoted 2 times
...
BBR01
11 months ago
Selected Answer: C
B and D are too aggressive. A - "Instruct each developer", nope, too much operational work.
upvoted 4 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
Loading ...
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago