Q44 — AWS SAP-C02 Ch.2

Question 44 of 75 | ← Chapter 2

Q194. A company is designing an AWS Organizations structure. The company wants to standardize a process to apply tags across the entire organization. The company will require tags with specific values when a user creates a new resource. Each of the company's OUs will have unique tag values.Which solution will meet these requirements?

Correct Answer: A. Use an SCP to deny the creation of resources that do not have the required tags Create a tag policy that includes the tag values that the company has assigned to each OU. Attach the tag policies to the OUs

Explanation

To meet the requirements of standardizing a process to apply tags across the entire organization and enforce specific tag values for each OU, the correct solution is: A. Use an SCP (Service Control Policy) to deny the creation of resources that do not have the required tags. Create a tag policy that includes the tag values that the company has assigned to each OU. Attach the tag policies to the OUs. Let's break down why this solution works: SCPs in AWS Organizations allow you to centrally manage and enforce policies across the entire organization or specific organizational units (OUs).By using an SCP to deny the creation of resources without the required tags, you ensure that users cannot create resources without the necessary tagging.Creating a tag policy that includes the tag values assigned to each OU ensures that the tags are standardized and consistent across the organization.Attaching the tag policies to the OUs ensures that the policies are applied to the appropriate parts of the organization. Options B, C, and D do not meet the requirements fully: Option B attaches the tag policies to the management account, which does not enforce the policies on the OUs or their accounts.Option C allows the creation of resources only when they have the required tags, but it doesn't specify how to enforce unique tag values for each OU.Option D defines the list of tags but doesn't specify how to assign unique tag values to each OU or how to attach the SCP to enforce the tagging. Therefore, option A is the most appropriate solution to meet the company's requirements for standardizing and enforcing tagging across the entire organization.