Answer-first summary for fast verification
Answer: Use an AWS Service Catalog portfolio that contains EC2 products with appropriate AMIs that include only approved software. Grant the developers permission to access only the Service Catalog portfolio to launch a product in the software development account.
The correct answer is C. AWS Service Catalog allows you to create and manage catalogs of IT services that are approved for use on AWS, including specific AMIs with pre-approved software. By using a Service Catalog portfolio, the company can ensure that developers in the software development AWS account only have access to launch EC2 instances with the approved software. This solution is effective because it limits the available options to only those products in the catalog, thereby preventing the use of unapproved software.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
No comments yet.
A company utilizes AWS Organizations to manage various AWS accounts for different departments including human resources, finance, software development, and production. All developers are part of the software development AWS account. Recently, the company identified that developers have initiated Amazon EC2 instances preloaded with unapproved software. To address this, the company seeks a solution that ensures developers can only launch EC2 instances with approved software within the software development AWS account. Which of the following solutions would effectively meet this requirement?
A
In the software development account, create AMIs of preconfigured instances that include only approved software. Include the AMI IDs in the condition section of an AWS CloudFormation template to launch the appropriate AMI based on the AWS Region. Provide the developers with the CloudFormation template to launch EC2 instances in the software development account.
B
Create an Amazon EventBridge rule that runs when any EC2 RunInstances API event occurs in the software development account. Specify AWS Systems Manager Run Command as a target of the rule. Configure Run Command to run a script that will install all approved software onto the instances that the developers launch.
C
Use an AWS Service Catalog portfolio that contains EC2 products with appropriate AMIs that include only approved software. Grant the developers permission to access only the Service Catalog portfolio to launch a product in the software development account.
D
In the management account, create AMIs of preconfigured instances that include only approved software. Use AWS CloudFormation StackSets to launch the AMIs across any AWS account in the organization. Grant the developers permission to launch the stack sets within the management account.