Exam AWS Certified Solutions Architect - Professional SAP-C02 topic 1 question 112 discussion

A large mobile gaming company has successfully migrated all of its on-premises infrastructure to the AWS Cloud. A solutions architect is reviewing the environment to ensure that it was built according to the design and that it is running in alignment with the Well-Architected Framework.

While reviewing previous monthly costs in Cost Explorer, the solutions architect notices that the creation and subsequent termination of several large instance types account for a high proportion of the costs. The solutions architect finds out that the company’s developers are launching new Amazon EC2 instances as part of their testing and that the developers are not using the appropriate instance types.

The solutions architect must implement a control mechanism to limit the instance types that only the developers can launch.

Which solution will meet these requirements?

  • A. Create a desired-instance-type managed rule in AWS Config. Configure the rule with the instance types that are allowed. Attach the rule to an event to run each time a new EC2 instance is launched.
  • B. In the EC2 console, create a launch template that specifies the instance types that are allowed. Assign the launch template to the developers’ IAM accounts.
  • C. Create a new IAM policy. Specify the instance types that are allowed. Attach the policy to an IAM group that contains the IAM accounts for the developers.
  • D. Use EC2 Image Builder to create an image pipeline for the developers and assist them in the creation of a golden image.
Suggested Answer: C

Comments

masetromain
Highly Voted 2 years, 4 months ago
Selected Answer: C
The correct answer is C. In this solution, a new IAM policy is created that specifies the allowed instance types. This policy is then attached to an IAM group that contains the IAM accounts for the developers. This will ensure that the developers can only launch instances of the specified types, thus limiting the costs associated with the creation and termination of large instances.
upvoted 15 times
masetromain
2 years, 4 months ago
A. Creating a desired-instance-type managed rule in AWS Config is not a sufficient solution, as it only identifies when an instance is launched with an unauthorized type; it does not prevent it.
B. Creating a launch template that specifies the instance types that are allowed is not a sufficient solution, because it limits the instance types that can be launched in the EC2 console, but it does not prevent the launch of instances through the AWS SDK, AWS CLI, or other AWS services.
D. Using EC2 Image Builder to create an image pipeline for the developers and assist them in the creation of a golden image is not a direct solution to the problem of limiting the instance types that only the developers can launch. It can be useful for creating standardized images for the developers, but it does not provide the necessary control mechanism to limit the instance types.
upvoted 12 times
gagol14
Highly Voted 1 year, 3 months ago
Selected Answer: C
{
  "Sid": "limitedSize",
  "Effect": "Deny",
  "Action": "ec2:RunInstances",
  "Resource": "arn:aws:ec2:*:*:instance/*",
  "Condition": {
    "ForAnyValue:StringNotLike": {
      "ec2:InstanceType": [
        "*.nano",
        "*.small",
        "*.micro",
        "*.medium"
      ]
    }
  }
}
upvoted 6 times
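Added example, not part of the original comment and not AWS code: a small offline model of how a Deny statement like the one above combines with an Allow for ec2:RunInstances. The AllowLaunch statement, the account ID, the sample instance types and the helper names are constructed for illustration, and it uses plain StringNotLike on the assumption that ec2:InstanceType carries a single value per request.

```python
import fnmatch

# Constructed identity policy for the developers' IAM group (an assumption,
# modelled on the wildcard allow-list in the comment above).
POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "AllowLaunch", "Effect": "Allow",
         "Action": "ec2:RunInstances", "Resource": "*"},
        {"Sid": "limitedSize", "Effect": "Deny",
         "Action": "ec2:RunInstances",
         "Resource": "arn:aws:ec2:*:*:instance/*",
         "Condition": {"StringNotLike": {"ec2:InstanceType": [
             "*.nano", "*.micro", "*.small", "*.medium"]}}},
    ],
}

def condition_holds(statement, context):
    """True when every StringNotLike key matches none of its patterns."""
    tests = statement.get("Condition", {}).get("StringNotLike", {})
    for key, patterns in tests.items():
        value = context.get(key)
        # A negated operator is also true when the key is absent.
        if value is not None and any(fnmatch.fnmatchcase(value, p) for p in patterns):
            return False
    return True

def decide(policy, action, resource, context):
    """Explicit Deny wins; with no matching Allow the request is implicitly denied."""
    allowed = False
    for st in policy["Statement"]:
        if st["Action"] != action or not fnmatch.fnmatchcase(resource, st["Resource"]):
            continue
        if not condition_holds(st, context):
            continue
        if st["Effect"] == "Deny":
            return "explicit deny"
        allowed = True
    return "allow" if allowed else "implicit deny"

def launch_decision(instance_type):
    arn = "arn:aws:ec2:us-east-1:111122223333:instance/*"  # constructed ARN
    return decide(POLICY, "ec2:RunInstances", arn, {"ec2:InstanceType": instance_type})

if __name__ == "__main__":
    for itype in ["t3.micro", "t3.medium", "t3.large", "m5.24xlarge"]:
        print(itype, "->", launch_decision(itype))
```

Because the decision is made on the ec2:RunInstances API call itself, the outcome is the same whether the launch comes from the console, the CLI or an SDK.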
amministrazione
Most Recent 8 months, 2 weeks ago
C. Create a new IAM policy. Specify the instance types that are allowed. Attach the policy to an IAM group that contains the IAM accounts for the developers.
upvoted 1 times
cox1960
1 year, 3 months ago
"an IAM group that contains the IAM accounts" ???
upvoted 1 times
igor12ghsj577
1 year, 3 months ago
Yes, in an IAM group you have user IAM accounts.
upvoted 1 times
sse69
11 months, 1 week ago
You have IAM users...Not IAM "accounts". Bad wording here...
upvoted 2 times
career360guru
1 year, 4 months ago
Selected Answer: C
Option C
upvoted 1 times
NikkyDicky
1 year, 10 months ago
Selected Answer: C
It's a C
upvoted 1 times
Maria2023
1 year, 10 months ago
Selected Answer: C
The only technically achievable choices are A and C. However, A will only identify the issue and will not prevent it. Even if we set up a remediation rule to terminate the instances immediately, that will cause more issues for the developers and unclear signals that something is wrong with the testing. So A remains the only possible option.
upvoted 2 times
Parimal1983
1 year, 10 months ago
C is the correct solution remained. Typo mistake in the comments.
upvoted 1 times
easytoo
1 year, 11 months ago
c-c-c-c-c-cc-c-c-cc-c-c-c-c-cc-
upvoted 1 times
mfsec
2 years, 1 month ago
Selected Answer: C
IAM policy..
upvoted 1 times
zozza2023
2 years, 3 months ago
Selected Answer: C
answer is C
upvoted 3 times