A company currently has a single AWS account used by all project teams. The company is migrating to a multi-account strategy, where each project team will have its own account. The AWS IAM configuration must have the same roles and policies for each of the accounts. What is the MOST efficient way to implement and manage these new requirements?
A) Create a portfolio in the AWS Service Catalog for the IAM roles and policies. Have a specific product in the portfolio for each environment, project, and team that can be launched independently by each user.
B) Use AWS Organizations to create organizational units (OUs) for each group of projects and each team. Then leverage service control policies at the account level to restrict what services can used and what actions the users, groups, and roles can perform in those accounts.
C) Create an AWS Lambda script that leverages cross-account access to each AWS account, and create all the roles and policies needed using the IAM API and JSON documents stored in Amazon S3.
D) Create a single AWS CloudFormation template. Use CloudFormation StackSets to launch the CloudFormation template into each target account from the Administrator account.
Correct Answer:
Verified
Q620: Which of the following is an incorrect
Q621: An Amazon EC2 instance is in a
Q622: A web application runs on Amazon EC2
Q623: A company is running a new promotion
Q624: A SysOps Administrator must find a way
Q626: A SysOps Administrator is using AWS CloudFormation
Q627: A company website hosts patches for software
Q628: A mobile application must allow users to
Q629: A company must share monthly report files
Q630: An organization has two AWS accounts: Development
Unlock this Answer For Free Now!
View this answer and more for free by performing one of the following actions
Scan the QR code to install the App and get 2 free unlocks
Unlock quizzes for free by uploading documents