🔥 3-day streak
AWS Certified DevOps Engineer - Professional159 / 204
Question 159 of 204

A financial services company requires that all EBS volumes be encrypted. A DevOps engineer must build automated remediation that detects when an unencrypted EBS volume is attached to a running EC2 instance and creates an encrypted copy, while ensuring the security team is notified for any volume that cannot be automatically remediated. AWS Config already has a rule (encrypted-volumes) evaluating compliance. The engineer wants the remediation to run only after Config marks a resource NON_COMPLIANT, and to gracefully handle failures without silently dropping them. Which approach BEST meets these requirements?

Reviewed for accuracy · Report an issueNext question