Answer-first summary for fast verification
Answer: Integrate all AWS accounts into an AWS Organizations setup with full features activated., Formulate an SCP that disallows the ec2:PurchaseReservedInstancesOffering and ec2:ModifyReservedInstances actions, and apply this SCP to every organizational unit within the AWS structure.
The correct answers are A and D. Option A ensures that all AWS accounts are part of an organization in AWS Organizations with full features enabled, allowing centralized management and control. This helps in enforcing the new procurement process by having a dedicated team manage and enforce policies across all accounts. Option D involves creating a Service Control Policy (SCP) that denies the actions ec2:PurchaseReservedInstancesOffering and ec2:ModifyReservedInstances. Attaching this SCP to each Organizational Unit (OU) ensures that all business units comply with the new process. Options B and C are incorrect as they focus on AWS Config and IAM policies, which are used for monitoring and managing access within individual accounts rather than enforcing a centralized purchasing process. Option E is not relevant as it pertains to consolidated billing rather than enforcing procurement policies.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
No comments yet.
A company with numerous AWS accounts has introduced a centralized procedure for acquiring and altering Reserved Instances. This new process mandates that all business units must forward their requests for Reserved Instance purchases or modifications to a specialized procurement team. Previously, these units independently managed their Reserved Instance transactions within their individual AWS accounts. To ensure the secure enforcement of this new process, what two actions should a solutions architect implement?
A
Integrate all AWS accounts into an AWS Organizations setup with full features activated.
B
Employ AWS Config to monitor the application of an IAM policy that prohibits the ec2:PurchaseReservedInstancesOffering and ec2:ModifyReservedInstances actions.
C
Develop an IAM policy in each AWS account that restricts the ec2:PurchaseReservedInstancesOffering and ec2:ModifyReservedInstances actions.
D
Formulate an SCP that disallows the ec2:PurchaseReservedInstancesOffering and ec2:ModifyReservedInstances actions, and apply this SCP to every organizational unit within the AWS structure.
E
Incorporate all AWS accounts into an AWS Organizations framework that leverages consolidated billing capabilities.