Which AWS service should be used to enforce and continually Identify all resources that are not in compliance with the policy?

A company has a new requirement stating that all resources In AWS must be tagged according to a set policy.

Which AWS service should be used to enforce and continually Identify all resources that are not in compliance with the policy?
A . AWS CloudTrail
B . Amazon Inspector
C . AWS Config
D . AWS Systems Manager

View Answer

Answer: C

Explanation:

Step-by-Step

Understand the Problem:

Enforce a policy that requires all AWS resources to be tagged according to company policy.

Continuously identify non-compliant resources.

Analyze the Requirements:

Implement a solution to monitor and enforce resource tagging compliance.

Evaluate the Options:

Option A: AWS CloudTrail.

Provides logging and monitoring of API calls but does not enforce tagging policies.

Option B: Amazon Inspector.

Primarily used for security assessments, not resource tagging compliance.

Option C: AWS Config.

Monitors and evaluates the configurations of AWS resources.

Can enforce compliance by using AWS Config rules to check resource tags.

Option D: AWS Systems Manager.

Provides operational insights and management but is not specifically designed for compliance enforcement.

Select the Best Solution:

Option C: AWS Config is designed for compliance and configuration monitoring, making it the ideal service for enforcing and identifying non-compliant resource tags.

Reference: AWS Config

Managing Resource Tag Compliance with AWS Config

AWS Config provides the necessary tools to enforce and monitor resource tagging compliance, ensuring all resources adhere to the set policy.