Q: 8
A company has multiple development teams in different business units that work in a shared single
AWS account All Amazon EC2 resources that are created in the account must include tags that specify
who created the resources. The tagging must occur within the first hour of resource creation.
A DevOps engineer needs to add tags to the created resources that Include the user ID that created
the resource and the cost center ID The DevOps engineer configures an AWS Lambda function With
the cost center mappings to tag the resources. The DevOps engineer also sets up AWS CloudTrail in
the AWS account. An Amazon S3 bucket stores the CloudTrail event logs
Which solution will meet the tagging requirements?
Options
Discussion
D . EventBridge lets you catch those EC2 API calls from CloudTrail in near real time so tagging happens quickly and automatically. The other options don’t hook directly into resource creation events the way D does. Pretty sure this is the most efficient solution, but open to seeing if someone had luck with C.
D . EventBridge picks up the EC2 API calls from CloudTrail almost instantly and triggers Lambda, so tags are added within the first hour every time. C could work but would be slower and might not tag fast enough. Pretty sure D is what AWS recommends for this flow. Anyone see a scenario where C might fit better?
D . EventBridge hooks right into the CloudTrail events so tags get added right after EC2 creation, not waiting for a schedule.
Probably D here. EventBridge with CloudTrail triggers tagging almost right after creation, well within the hour window.
A is wrong, D. Official AWS docs and hands-on labs make this clear, EventBridge matches CloudTrail for near-instant tagging.
D not C. C is tempting if you just see "within an hour" but real-time tagging is the key and EventBridge triggers are much faster.
Had something like this in a mock and D matched the requirement best. EventBridge reacts to CloudTrail events almost instantly so tagging happens as soon as EC2 is created, not just every hour like C. Pretty sure it's D but open if I missed anything.
Maybe D. CloudTrail events to EventBridge fire right after EC2 creation, so tagging happens fast and reliably. C seems like a trap here, hourly Lambda could cut it close or waste cycles. I think D is right but open to other views.
That tracks with the official practice questions I've seen, D is correct. EventBridge rules fed by CloudTrail hit that "within an hour" SLA much more reliably than hourly scans. Anyone checking for tagging compliance on exam, the AWS docs cover this combo pretty well.
Why does C keep coming up? Hourly polling feels risky for the 1-hour tag SLA-D listens in real time, right?
Be respectful. No spam.
