Explanation:
The correct answers are A and D. Option A suggests creating an AWS CloudFormation template with the 10 required AWS Config rules and deploying the template using CloudFormation StackSets in the security-01 account. Option D suggests creating another CloudFormation template to activate AWS Config and deploying it using CloudFormation StackSets in the security-01 account. This approach ensures that the AWS Config rules are consistently deployed across all accounts, and AWS Config is enabled automatically during the account creation process.
Ultimate access to all questions.
No comments yet.
A company manages a multi-account AWS environment within a single region using AWS Organizations. The management account is named management-01, and AWS Config is enabled across all accounts. The security-01 account is designated as the delegated administrator for AWS Config. Each account reports its compliance status to the security-01 account via an AWS Config aggregator. Account administrators can configure and manage their own AWS Config rules to meet unique compliance needs. A security engineer must implement a solution to automatically deploy a set of 10 AWS Config rules to all existing and future accounts in the organization, ensuring AWS Config is activated during account creation. Which two steps will fulfill these requirements?
A
Create an AWS CloudFormation template that contains the 10 required AWS Config rules. Deploy the template by using CloudFormation StackSets in the security-01 account.
B
Create a conformance pack that contains the 10 required AWS Config rules. Deploy the conformance pack from the security-01 account.
C
Create a conformance pack that contains the 10 required AWS Config rules. Deploy the conformance pack from the management-01 account.
D
Create an AWS CloudFormation template that will activate AWS Config. Deploy the template by using CloudFormation StackSets in the security-01 account.
E
Create an AWS CloudFormation template that will activate AWS Config. Deploy the template by using CloudFormation StackSets in the management-01 account.