Reply To: Bonus Question Set 5 – Inconsistent explanation of correct vs. incorrect answers

  • JR-TutorialsDojo

    Administrator
    January 15, 2024 at 12:17 pm

    Hi sac,

    Thanks for your feedback.

    The key difference between the two approaches lies in the enforcement of the rules and the timing of their application.

    1. IAM Policy: An IAM policy that denies the ec2:RunInstances action if the Project tag is not applied is enforced at the time of resource creation. This means that if a user tries to create an EC2 instance without the required Project tag, the action will be denied and the resource will not be created. This is a proactive approach that prevents the creation of improperly tagged resources in the first place.

    2. AWS Config Rule: On the other hand, an AWS Config rule that flags any resources if the Project tag is not applied is a reactive approach. The rule checks for compliance after the resource has been created. If a resource is found to be non-compliant (i.e., it does not have the required Project tag), it is flagged for review. However, the resource is still created and may incur costs until it is reviewed and corrected.

    In this scenario, the goal is to prevent the creation of resources that do not have the required Project tag to ensure accurate cost reports. Therefore, applying an IAM policy that denies the creation of such resources is a more effective solution. The AWS Config rule, while useful for identifying non-compliant resources, does not prevent their creation and may result in inaccurate cost reports until the non-compliance is rectified.

    I hope this helps! Let me know if you have any further questions.

    Best Regards,
    JR @ Tutorials Dojo
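
The contrast described in the reply above, as an added example that is not part of the original post: a deny statement keyed on `aws:RequestTag/Project` blocks the untagged launch, while a Config-style check only reports it afterwards. The evaluator is a simplified model of IAM (explicit Deny and the `Null` operator only); the function names, account ID and instance IDs are constructed for illustration.

```python
import fnmatch

# Deny ec2:RunInstances on the instance resource when the request has no Project tag.
DENY_UNTAGGED = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Deny",
        "Action": "ec2:RunInstances",
        "Resource": "arn:aws:ec2:*:*:instance/*",
        "Condition": {"Null": {"aws:RequestTag/Project": "true"}},
    }],
}

def explicitly_denied(policy, action, resource, request_tags):
    """Simplified model of IAM evaluation: explicit Deny + Null operator only."""
    ctx = {f"aws:requesttag/{k.lower()}": v for k, v in request_tags.items()}
    for st in policy["Statement"]:
        if st["Effect"] != "Deny" or st["Action"].lower() != action.lower():
            continue
        if not fnmatch.fnmatchcase(resource, st["Resource"]):
            continue
        # Null: "true" matches when the key is absent from the request context.
        if all((key.lower() not in ctx) == (want == "true")
               for key, want in st["Condition"]["Null"].items()):
            return True
    return False

def launch(fleet, instance_id, tags, policy=None):
    """Preventive control: a denied request never creates the instance."""
    arn = f"arn:aws:ec2:us-east-1:111122223333:instance/{instance_id}"  # constructed
    if policy and explicitly_denied(policy, "ec2:RunInstances", arn, tags):
        return False
    fleet[instance_id] = tags
    return True

def config_noncompliant(fleet, required="Project"):
    """Detective control: flags instances that already exist without the tag."""
    return sorted(i for i, tags in fleet.items() if required not in tags)

def demo():
    detect_only, with_deny = {}, {}
    requests = [("i-a", {"Project": "atlas"}), ("i-b", {}), ("i-c", {"Owner": "sam"})]
    for iid, tags in requests:  # constructed sample launch requests
        launch(detect_only, iid, tags)
        launch(with_deny, iid, tags, DENY_UNTAGGED)
    return config_noncompliant(detect_only), sorted(with_deny)

if __name__ == "__main__":
    print(demo())
```

The `Null` operator tests only whether the tag key is present in the request, so a request that supplies `Project` with any value passes this statement.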