DOP-C02 Question #486: Real Exam Question with Answer & Explanation
The correct answer is D: Create a new SCP. Include a conditional statement that uses a Null condition operator to
Question
A company uses AWS Organizations, AWS Control Tower, AWS Config, and Terraform to manage its AWS accounts and resources. The company must ensure that users deploy only AWS Lambda functions that are connected to a VPC in member AWS accounts. Which solution will meet these requirements with the LEAST operational effort?
Options
- A. Configure AWS Control Tower to use proactive controls (guardrails). Enable the optional controls
- B. Create a new SCP. Include a conditional statement that uses a StringEquals condition operator to
- C. Create a custom rule in AWS Config to detect Lambda functions that are not connected to a VPC
- D. Create a new SCP. Include a conditional statement that uses a Null condition operator to
Explanation
An SCP can enforce this requirement preventively across all member accounts by denying Lambda function creation or configuration updates when the VPC configuration is missing. Using a Null condition check on the Lambda VPC-related condition key blocks any CreateFunction or UpdateFunctionConfiguration request that does not include VPC attachment details, ensuring only VPC-connected Lambda functions can be deployed with minimal ongoing management.
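The SCP described above, written out as an added example that is not part of the original page, with a simplified Python evaluator showing which constructed requests its Deny statement matches. The page names only "the Lambda VPC-related condition key"; the use of `lambda:VpcIds`, the `Sid`, and the sample requests are assumptions.

```python
import json

# SCP from the explanation, written out. "lambda:VpcIds" is Lambda's condition
# key for VPC settings (assumed here; the page does not name the key), and the
# Sid is a hypothetical label.
SCP = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [{
    "Sid": "DenyLambdaWithoutVpc",
    "Effect": "Deny",
    "Action": ["lambda:CreateFunction", "lambda:UpdateFunctionConfiguration"],
    "Resource": "*",
    "Condition": {"Null": {"lambda:VpcIds": "true"}}
  }]
}
""")

def null_matches(block, context):
    """Null operator: "true" matches an absent key, "false" a present one."""
    return all((key not in context) == (str(want).lower() == "true")
               for key, want in block.items())

def scp_denies(policy, action, context):
    """True if a Deny statement matches the request. Simplified model:
    exact action names, Resource "*", and only the Null operator."""
    for stmt in policy["Statement"]:
        if stmt["Effect"] != "Deny" or action not in stmt["Action"]:
            continue
        cond = stmt.get("Condition", {})
        if set(cond) - {"Null"}:
            raise ValueError("only the Null operator is modelled here")
        if null_matches(cond.get("Null", {}), context):
            return True
    return False

# Constructed requests: (label, action, condition keys present in the request).
SAMPLES = [
    ("create, no VpcConfig", "lambda:CreateFunction", {}),
    ("create, with VpcConfig", "lambda:CreateFunction",
     {"lambda:VpcIds": ["vpc-0example"]}),
    ("update, no VpcConfig", "lambda:UpdateFunctionConfiguration", {}),
    ("invoke (not in Action list)", "lambda:InvokeFunction", {}),
]

def evaluate_samples():
    return {label: scp_denies(SCP, action, ctx) for label, action, ctx in SAMPLES}

if __name__ == "__main__":
    for label, denied in evaluate_samples().items():
        print(f"{'DENY      ' if denied else 'not denied'}  {label}")
```

A request the SCP does not deny still needs an Allow from the account's IAM policies; the SCP only sets the outer limit.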