Multiple Choice
A company currently has a single AWS account used by all project teams. The company is migrating to a multi-account strategy, where each project team will have its own account. The AWS IAM configuration must have the same roles and policies for each of the accounts. What is the MOST efficient way to implement and manage these new requirements?
A) Create a portfolio in the AWS Service Catalog for the IAM roles and policies. Have a specific product in the portfolio for each environment, project, and team that can be launched independently by each user.
B) Use AWS Organizations to create organizational units (OUs) for each group of projects and each team. Then leverage service control policies at the account level to restrict what services can used and what actions the users, groups, and roles can perform in those accounts.
C) Create an AWS Lambda script that leverages cross-account access to each AWS account, and create all the roles and policies needed using the IAM API and JSON documents stored in Amazon S3.
D) Create a single AWS CloudFormation template. Use CloudFormation StackSets to launch the CloudFormation template into each target account from the Administrator account.
Correct Answer:
Verified
Correct Answer:
Verified
Q877: Which of the following statements describes launch
Q878: In a hardware security module (HSM), what
Q879: A SysOps Administrator needs an Amazon EBS
Q880: A user needs to put sensitive data
Q881: A company's security policy states that connecting
Q883: An organization, which has the AWS account
Q884: A user has enabled session stickiness with
Q885: A company has an application database on
Q886: A user has launched an EC2 instance.
Q887: A company has several accounts between different