Answer-first summary for fast verification
Answer: Leverage AWS Organizations to form a new organizational structure with a designated payer account, inviting existing accounts to join and creating new ones within the organization to facilitate centralized management and billing., Activate all features of AWS Organizations and define service control policies to regulate IAM permissions for subordinate accounts, ensuring consistent security policies across the organization.
The best combination to meet the company's needs with the least effort are options B and D. Option B involves using AWS Organizations to create a hierarchical structure where accounts can be managed centrally, which simplifies billing and streamlines finance department requirements. Option D involves enabling all features of AWS Organizations and establishing service control policies to filter IAM permissions for sub-accounts, addressing the security team's requirement for centralized IAM control. Together, these options provide a comprehensive solution for centralized billing and security management across multiple AWS accounts.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
No comments yet.
A large company is transitioning its entire IT infrastructure to AWS, with each business unit maintaining separate AWS accounts for development and testing. As production workloads require new accounts, the finance department seeks a centralized billing solution with detailed cost visibility for accurate allocation. Simultaneously, the security team needs a unified approach to manage IAM permissions across all accounts. Which two options provide the most efficient solution to these requirements?
A
Implement a set of parameterized AWS CloudFormation templates to standardize IAM permissions across accounts, mandating the deployment of these templates in all new and existing accounts to uphold the principle of least privilege.
B
Leverage AWS Organizations to form a new organizational structure with a designated payer account, inviting existing accounts to join and creating new ones within the organization to facilitate centralized management and billing.
C
Maintain individual AWS accounts for each business unit, applying appropriate tags to each account and utilizing Cost Explorer for precise cost tracking and chargeback purposes.
D
Activate all features of AWS Organizations and define service control policies to regulate IAM permissions for subordinate accounts, ensuring consistent security policies across the organization.
E
Merge all company AWS accounts into a single account, utilizing tagging for billing clarity and employing IAM’s Access Advisor feature to enforce a least privilege access model.