
Answer-first summary for fast verification
Answer: In the organization's management account, create an AWS CloudFormation stack set to enable AWS Config. Configure the stack set to deploy automatically when an account is created through Organizations.
The correct answer is B. Using an AWS CloudFormation stack set to enable AWS Config is the best solution for automatically deploying AWS Config when a new account is created through AWS Organizations. This method ensures that AWS Config is consistently enabled across all new accounts without manual intervention. The stack set can be configured in the organization's management account and will automatically apply to new accounts, making it a scalable and efficient approach as the number of accounts grows.
Author: LeetQuiz Editorial Team
A company has fully enabled AWS Organizations with all features, managing 10 AWS accounts where AWS CloudTrail is already activated. The company is planning for significant growth, expecting to manage up to 500 AWS accounts within the next year, and intends to organize these accounts into multiple Organizational Units (OUs). Currently, AWS Config is enabled in all existing accounts within the organization. The DevOps team is required to develop a solution that will automatically enable AWS Config for any new AWS accounts created in the organization. What is the most appropriate solution to achieve this automation?
A. In the organization's management account, create an Amazon EventBridge rule that reacts to a CreateAccount API call. Configure the rule to invoke an AWS Lambda function that enables trusted access to AWS Config for the organization.
B. In the organization's management account, create an AWS CloudFormation stack set to enable AWS Config. Configure the stack set to deploy automatically when an account is created through Organizations.
C. In the organization's management account, create an SCP that allows the appropriate AWS Config API calls to enable AWS Config. Apply the SCP to the root-level OU.
D. In the organization's management account, create an Amazon EventBridge rule that reacts to a CreateAccount API call. Configure the rule to invoke an AWS Systems Manager Automation runbook to enable AWS Config for the account.