AWS Certified Solutions Architect - Professional
Get started today
Ultimate access to all questions.
Any Company has acquired numerous companies over the past few years. The CIO for Any Company would like to keep the resources for each acquired company separate. The CIO also would like to enforce a chargeback model where each company pays for the AWS services it uses The Solutions Architect is tasked with designing an AWS architecture that allows Any Company to achieve the following: Implementing a detailed chargeback mechanism to ensure that each company pays for the resources it uses. Any Company can pay for AWS services for all its companies through a single invoice. Developers in each acquired company have access to resources in their company only. Developers in an acquired company should not be able to affect resources in their company only. A single identity store is used to authenticate Developers across all companies. Which of the following approaches would meet these requirements? (Choose two.)
Any Company has acquired numerous companies over the past few years. The CIO for Any Company would like to keep the resources for each acquired company separate. The CIO also would like to enforce a chargeback model where each company pays for the AWS services it uses The Solutions Architect is tasked with designing an AWS architecture that allows Any Company to achieve the following: Implementing a detailed chargeback mechanism to ensure that each company pays for the resources it uses. Any Company can pay for AWS services for all its companies through a single invoice. Developers in each acquired company have access to resources in their company only. Developers in an acquired company should not be able to affect resources in their company only. A single identity store is used to authenticate Developers across all companies. Which of the following approaches would meet these requirements? (Choose two.)
Explanation:
A: Creating a multi-account strategy with an account per company allows for clear separation of resources and ensures that each company is responsible for its own costs. This approach aligns with the requirement for a detailed chargeback mechanism. Using consolidated billing, Any Company can receive a single invoice that aggregates the costs from all accounts, simplifying the payment process.
D: Creating a federated identity store against the company's Active Directory and setting up IAM roles with appropriate permissions allows developers to be authenticated using a single identity store. This meets the requirement for a single identity store to authenticate developers across all companies. By setting trust relationships with AWS and the identity store, and using AWS STS to grant access based on group membership, developers can be restricted to access only the resources in their respective companies, preventing any impact on resources in other companies.