Home › Forums › AWS › AWS Certified Solutions Architect Professional › tag enforcement question erratum › Reply To: tag enforcement question erratum
-
Hi gch99,
Thank you for your feedback.
The question asks “to identify instances with the missing tag and to prevent the creation of instances without the Project tag”
The options:
Apply an SCP to the AWS Organization that will deny the
ec2:RunInstances
action if the Project tag is not applied.and
Create an IAM policy on each project account that will deny the
ec2:RunInstances
action if the Project tag is not applied.will prevent users from provisioning instances without the Project tag.
While the option, Configure an AWS Config aggregator for the AWS organization to generate a list of all EC2 instances without the Project tag, will list the instances without the Project tag.
I have updated the choices and explanation to reflect this.
Hope this helps.
Let us know if you need further assistance. The Tutorials Dojo team is dedicated to helping you pass your AWS exam!
Regards,
Kenneth Samonte @ Tutorials Dojo