Implementing an Automated Solution for AWS Budget Compliance
Question
A company ensures compliance with its own corporate standards via AWS Service Catalog to govern and provision all infrastructure.
However, you have to implement an automated solution to avoid resource usage beyond the predefined budget.
Which statement is true about developing this solution?
Answers
Explanations
Click on the arrows to vote for the correct answer
A. B. C. D.Correct Answer: B.
The question highlights the use of AWS Service Catalog to govern all infrastructure and mentions a need to keep usage within a predefined budget.
AWS Config can record configuration changes to AWS Service Catalog products and rely on custom rules to trigger AWS Lambda functions with corrective actions.
If AWS Systems Manager Parameter Store is in place, it is possible to define a default, maximum and other limits to co-relate to regarding product instances.
Incorrect Answers:
Options A, C, D are incorrect because AWS Control Tower helps set up and govern a new, secure, multi-account AWS environment that is not the scenario in the question.
However, it is possible to use guardrails combined with AWS Organizations service control policies (SCPs) to prevent configuration changes and AWS Config rules to detect non-conformance continuously.
References:
https://go.aws/2xPIERn https://amzn.to/2LibQU9The task at hand is to develop an automated solution that ensures the company stays within its predefined budget by avoiding resource usage beyond the budget. The company currently uses AWS Service Catalog to govern and provision all infrastructure, which ensures compliance with its own corporate standards.
To address this requirement, the solution needs to perform the following:
- Detect and record configuration changes to provisioned AWS Service Catalog product instances.
- Keep track of the maximum number of instances of the same product.
- Automatically reconcile changes as corrective actions.
- Trigger corrective actions based on custom rules.
Options A, B, C, and D provide possible solutions for this task. Let's analyze each of them in detail to determine the best approach.
Option A:
Use AWS Control Tower to detect and record configuration changes to provisioned AWS Service Catalog product instances part of a portfolio and automatically reconcile changes as corrective actions. Rely on AWS Systems Manager Parameter Store to keep track and keep the limit of the maximum number of instances of the same product.
AWS Control Tower is a managed service that makes it easy to set up and govern a secure, compliant multi-account environment. It provides a central location for administrators to view and manage AWS accounts and resources consistently across the organization.
AWS Systems Manager Parameter Store is a managed service that provides secure, hierarchical storage for configuration data management and secrets management. It can be used to store application configurations, database connection strings, and other sensitive data.
Option A suggests using AWS Control Tower to detect and record configuration changes to provisioned AWS Service Catalog product instances and rely on AWS Systems Manager Parameter Store to keep track and limit the maximum number of instances of the same product. This approach could work, but it does not address the need to trigger corrective actions based on custom rules.
Option B:
Use AWS Config to record configuration changes to provisioned AWS Service Catalog product instances part of a portfolio and create custom rules to trigger corrective actions. Rely on AWS Systems Manager Parameter Store to keep track and keep the limit of the maximum number of instances of the same product.
AWS Config is a service that enables you to assess, audit, and evaluate the configurations of your AWS resources. It continuously monitors and records your AWS resource configurations and allows you to automate the evaluation of recorded configurations against desired configurations.
Option B suggests using AWS Config to record configuration changes to provisioned AWS Service Catalog product instances and create custom rules to trigger corrective actions. It also suggests relying on AWS Systems Manager Parameter Store to keep track and limit the maximum number of instances of the same product. This approach could work as it addresses all the requirements of the solution.
Option C:
Use AWS Control Tower to detect and record configuration changes to provisioned AWS Service Catalog product instances part of a portfolio and automatically reconcile changes as corrective actions and to keep track and keep the limit of the maximum number of instances of the same product.
Option C suggests using AWS Control Tower to detect and record configuration changes to provisioned AWS Service Catalog product instances and rely on the same service to automatically reconcile changes as corrective actions. It also suggests relying on AWS Systems Manager Parameter Store to keep track and limit the maximum number of instances of the same product. This approach could work, but it does not address the need to trigger corrective actions based on custom rules.
Option D:
Use AWS Config to record configuration changes to provisioned AWS Service Catalog product instances part of a portfolio and create custom rules to trigger corrective actions. Rely on AWS Control Tower to keep track and keep the limit of the maximum number of instances of the same product.
Option D suggests using AWS Config to record configuration changes to provisioned AWS Service Catalog product instances and create custom rules to trigger corrective actions. It also suggests relying on AWS Control Tower to keep track and limit the maximum number of instances of the same product. This approach could work, but it is not the
