Answer-first summary for fast verification
Answer: Set up an OrganizationAccountAccessRole IAM role in each member account, allowing the management account to assume this role and thereby manage permissions.
The correct answer is C. Establishing an OrganizationAccountAccessRole IAM role in each member account and granting the management account permission to assume this IAM role allows centralized management from the management account. This approach aligns with AWS best practices for using AWS Organizations to centrally manage billing, control access, and ensure consistent access policies across the member accounts. This setup simplifies management and auditing, ensuring a standardized role exists in all accounts for uniform access control.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
A large payroll company has merged with a small staffing company, resulting in multiple business units each operating under their own AWS account. To facilitate centralized management of billing and access policies across all accounts, a solutions architect has configured AWS Organizations and sent invitations to all member accounts from a centralized management account. What is the next step the solutions architect should take to achieve centralized control over these accounts?
A
Establish an OrganizationAccountAccess IAM group within each member account, incorporating the requisite IAM roles for administration.
B
Develop an OrganizationAccountAccessPolicy IAM policy in every member account and link these accounts to the management account using cross-account access mechanisms.
C
Set up an OrganizationAccountAccessRole IAM role in each member account, allowing the management account to assume this role and thereby manage permissions.
D
Create an OrganizationAccountAccessRole IAM role within the management account, attach the AdministratorAccess AWS managed policy to it, and assign this role to the administrators across all member accounts.
No comments yet.