
A company has adopted AWS for hosting a new application and requires a multi-account strategy. A DevOps engineer has established a new AWS account, an organization within AWS Organizations, and an organizational unit (OU) structure using AWS Control Tower. The engineer is tasked with implementing a solution that automatically deploys necessary resources for new accounts created via AWS Control Tower Account Factory. This solution must apply customized AWS CloudFormation templates and Service Control Policies (SCPs) tailored to each new account or OU. All OUs are enrolled in AWS Control Tower. Which solution offers the most automated approach to fulfill these requirements?
A
Use AWS Service Catalog in conjunction with AWS Control Tower. Develop portfolios and products within AWS Service Catalog. Assign specific permissions to provision these resources. Deploy SCPs using the AWS CLI and JSON documents.
B
Deploy CloudFormation stack sets utilizing the necessary templates. Activate automatic deployment. Deploy stack instances to the relevant accounts. Deploy a CloudFormation stack set to the organization's management account to apply SCPs.
C
Create an Amazon EventBridge rule to detect the CreateManagedAccount event. Set AWS Service Catalog as the target to deploy resources to any new accounts. Deploy SCPs using the AWS CLI and JSON documents.
D
Deploy the Customizations for AWS Control Tower (CfCT) solution. Utilize an AWS CodeCommit repository as the source. Within the repository, create a custom package that includes the CloudFormation templates and SCP JSON documents.