AWS Certified DevOps Engineer - Professional
Get started today
Ultimate access to all questions.
A DevOps engineer is tasked with implementing a consistent set of security measures across multiple AWS accounts organized under AWS Organizations. Each account is to be managed by separate teams with the AdministratorAccess policy. The requirement is to activate AWS CloudTrail and AWS Config in all AWS Regions for these accounts. While individual account administrators should not have the ability to alter or remove the foundational resources, they must be allowed to modify or remove their own CloudTrail trails and AWS Config rules. What is the most operationally efficient solution to achieve these security and administrative requirements?
A DevOps engineer is tasked with implementing a consistent set of security measures across multiple AWS accounts organized under AWS Organizations. Each account is to be managed by separate teams with the AdministratorAccess policy. The requirement is to activate AWS CloudTrail and AWS Config in all AWS Regions for these accounts. While individual account administrators should not have the ability to alter or remove the foundational resources, they must be allowed to modify or remove their own CloudTrail trails and AWS Config rules. What is the most operationally efficient solution to achieve these security and administrative requirements?
Exam-Like