Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Amazon SAP-C02 Exam - Topic 3 Question 57 Discussion

A large mobile gaming company has successfully migrated all of its on-premises infrastructure tothe AWS Cloud. A solutions architect is reviewing the environment to ensure that it was built according to the design and that it is running in alignment with the Well-Architected Framework.While reviewing previous monthly costs in Cost Explorer, the solutions architect notices that the creation and subsequent termination of several large instance types account for a high proportion of the costs. The solutions architect finds out that the company's developers are launching new Amazon EC2 instances as part of their testing and that the developers are not using the appropriate instance types.The solutions architect must implement a control mechanism to limit the instance types that only the developers can launch.Which solution will meet these requirements?
C) Create a new IAM policy. Specify the instance types that are allowed. Attach the policy to an IAM group that contains the IAM accounts for the developers
A) Create a desired-instance-type managed rule in AWS Config. Configure the rule with the instance types that are allowed. Attach the rule to an event to run each time a new EC2 instance is launched.
B) In the EC2 console, create a launch template that specifies the instance types that are allowed. Assign the launch template to the developers' IAM accounts.
D) Use EC2 Image Builder to create an image pipeline for the developers and assist them in the creation of a golden image.

Amazon SAP-C02 Exam - Topic 3 Question 57 Discussion

Actual exam question for Amazon's SAP-C02 exam
Question #: 57
Topic #: 3
[All SAP-C02 Questions]

A large mobile gaming company has successfully migrated all of its on-premises infrastructure tothe AWS Cloud. A solutions architect is reviewing the environment to ensure that it was built according to the design and that it is running in alignment with the Well-Architected Framework.

While reviewing previous monthly costs in Cost Explorer, the solutions architect notices that the creation and subsequent termination of several large instance types account for a high proportion of the costs. The solutions architect finds out that the company's developers are launching new Amazon EC2 instances as part of their testing and that the developers are not using the appropriate instance types.

The solutions architect must implement a control mechanism to limit the instance types that only the developers can launch.

Which solution will meet these requirements?

Show Suggested Answer Hide Answer
Suggested Answer: C

This is doable with IAM policy creation to restrict users to specific instance types. Found the below article.https://blog.vizuri.com/limiting-allowed-aws-instance-type-with-iam-policy


by Irene at Jul 13, 2025, 04:19 PM

Limited Time Offer

25%

Off

Get Premium SAP-C02 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Twana
6 months ago
Wait, they were using large instances for testing? That's wild!
upvoted 0 times
...
Stephania
6 months ago
I think B is better since it directly controls what they can launch.
upvoted 0 times
...
Devorah
6 months ago
C seems too restrictive, might limit flexibility for testing.
upvoted 0 times
...
Apolonia
6 months ago
D doesn't really address the instance type issue, though.
upvoted 0 times
...
Ashanti
6 months ago
Option A sounds solid for monitoring instance types!
upvoted 0 times
...
Bea
7 months ago
I don't think EC2 Image Builder is relevant here since it's more about creating images rather than controlling instance types.
upvoted 0 times
...
Jose
7 months ago
I feel like the AWS Config rule option might be the most automated solution, but I can't recall if it applies directly to instance types.
upvoted 0 times
...
Amie
7 months ago
I think creating a launch template could work, but I wonder if it would be flexible enough for different testing scenarios.
upvoted 0 times
...
Paris
7 months ago
I remember we discussed using IAM policies to restrict resources, but I'm not sure if that's the best approach here.
upvoted 0 times
...
Noble
7 months ago
I'm feeling pretty confident about this one. The key is to implement a control mechanism to limit the instance types that the developers can launch. Option A with the AWS Config rule seems like the most straightforward solution to me.
upvoted 0 times
...
Chauncey
8 months ago
Option C looks promising - creating an IAM policy to specify the allowed instance types and attaching it to the developers' IAM group. That way, the policy will be applied consistently across all the developers.
upvoted 0 times
...
Olene
8 months ago
Hmm, I'm a bit confused here. There are a few different options, and I'm not sure which one is the best approach. I might need to re-read the question and think through the pros and cons of each solution.
upvoted 0 times
...
Sue
8 months ago
This seems like a straightforward question about controlling instance types for developers. I think I'll go with option B - creating a launch template and assigning it to the developers' IAM accounts. That way, they can only launch the approved instance types.
upvoted 0 times
...
Freeman
10 months ago
I'm not sure, I think option B could also work by assigning launch templates to developers' IAM accounts.
upvoted 0 times
...
Derick
10 months ago
I agree with Elenore, creating a managed rule in AWS Config seems like a good way to limit instance types.
upvoted 0 times
...
Elenore
10 months ago
I think option A is the best solution.
upvoted 0 times
...
Mila
10 months ago
If I was a developer, I'd definitely try to sneak in a few extra-large instances for my 'testing'. Option C is the sensible choice here.
upvoted 0 times
...
Scarlet
10 months ago
Haha, developers and their thirst for the biggest and baddest instances. Option C is the way to go - put them on a leash!
upvoted 0 times
...
Lea
10 months ago
Option D with EC2 Image Builder is an interesting approach, but it might be overkill for just controlling instance types. The other options seem more efficient.
upvoted 0 times
...
Edna
10 months ago
I like the simplicity of Option B. Using a launch template to control the allowed instance types is a neat way to enforce the policy.
upvoted 0 times
Mickie
8 months ago
Yeah, it's a practical approach to ensure they stick to the approved instance types.
upvoted 0 times
...
Azalee
8 months ago
I agree, it seems like a straightforward solution to limit the developers' choices.
upvoted 0 times
...
Alyce
10 months ago
Option B is a good choice. Launch templates can definitely help control the allowed instance types.
upvoted 0 times
...
...
Pamella
11 months ago
Option C seems the most straightforward way to limit the instance types that developers can launch. Attaching a policy directly to their IAM accounts is a clean solution.
upvoted 0 times
Keith
10 months ago
I agree, creating a new IAM policy and attaching it to an IAM group for developers would provide a clear restriction on the instance types they can launch.
upvoted 0 times
...
Stefanie
10 months ago
Option C seems the most straightforward way to limit the instance types that developers can launch. Attaching a policy directly to their IAM accounts is a clean solution.
upvoted 0 times
...
...

Save Cancel