AWS Certified Solutions Architect Professional SAP-C02 Practice Question

The correct answer proposes using Service Control Policies (SCPs) to enforce tagging, activating the tags for cost allocation, and using the AWS Cost and Usage Report (CUR) with Amazon Athena for reporting. SCPs, applied at the AWS Organizations level, provide a scalable, preventive control by denying the creation of resources that lack the required tags. This is superior to reactive methods. Activating the custom tags as cost allocation tags is a necessary step to make them available in detailed billing reports like the CUR. Finally, querying the CUR data in Amazon S3 with Amazon Athena provides the most powerful and flexible mechanism for creating granular, custom cost allocation reports required for chargeback.

The option suggesting AWS Config rules is less effective because Config provides detective, not preventive, control. It identifies non-compliant resources after they have been created, potentially leading to untagged costs before remediation occurs. While useful for auditing, it does not prevent the issue at the source like an SCP does.

The option suggesting the use of IAM policies in each account is not scalable. Managing and ensuring consistency of hundreds of individual IAM policies across a large number of accounts would create significant operational overhead compared to a centralized SCP.

The option suggesting the use of AWS Resource Groups and the Tag Editor is inadequate for enforcement. These tools are primarily for organizing and acting on existing resources and do not prevent the creation of untagged resources. While Cost Explorer is useful for high-level analysis, it lacks the deep, customizable querying capabilities of Athena on CUR data needed for granular chargeback reports.