AWS Certified Advanced Networking – Specialty (ANS-C00) — Question 42
An organization has three AWS accounts, each containing VPCs in the Virginia, Canada and Sydney regions. The organization wants to determine whether all available Elastic IP addresses (EIPs) in these accounts are attached to Amazon EC2 instances or in-use elastic network interfaces (ENIs) in all of the specified regions for compliance and cost-optimization purposes.
Which of the following meets the requirements with the LEAST management overhead?
Answer options
- A. Use an Amazon CloudWatch Events rule to schedule an AWS Lambda function in each account in all three regions to find the unattached and unused EIPs.
- B. Use a CloudWatch event bus to schedule Lambda functions in each account in all three regions to find the unattached and unused EIPs.
- C. Add an AWS managed, EIP-attached AWS Config rule in each region in all three accounts to find unattached and unused EIPs.
- D. Use AWS CloudFormation StackSets to deploy an AWS Config EIP-attached rule in all accounts and regions to find the unattached and unused EIPs.
Correct answer: C
Explanation
The correct answer is C because using an AWS managed Config rule simplifies the process of monitoring EIPs with minimal management overhead. Options A and B involve creating and scheduling Lambda functions, which require more management. Option D, while effective, adds complexity because it requires CloudFormation StackSets for deployment across accounts and regions.