A company has fully enabled AWS Organizations with all features, managing 10 AWS accounts where AWS CloudTrail is already activated. The company is planning for significant growth, expecting to manage up to 500 AWS accounts within the next year, and intends to organize these accounts into multiple Organizational Units (OUs). Currently, AWS Config is enabled in all existing accounts within the organization. The DevOps team is required to develop a solution that will automatically enable AWS Config for any new AWS accounts created in the organization. What is the most appropriate solution to achieve this automation?

Exam-Like

In the organization's management account, create an Amazon EventBridge rule that reacts to a CreateAccount API call. Configure the rule to invoke an AWS Lambda function that enables trusted access to AWS Config for the organization.

20.0%

In the organization's management account, create an AWS CloudFormation stack set to enable AWS Config. Configure the stack set to deploy automatically when an account is created through Organizations.

60.0%

In the organization's management account, create an SCP that allows the appropriate AWS Config API calls to enable AWS Config. Apply the SCP to the root-level OU.

20.0%

In the organization's management account, create an Amazon EventBridge rule that reacts to a CreateAccount API call. Configure the rule to invoke an AWS Systems Manager Automation runbook to enable AWS Config for the account.

0.0%

AWS Certified DevOps Engineer - Professional

Comments

Get started today