Explanation:
Option C is the correct approach as it involves a necessary review and potential adjustment of existing services to ensure compatibility with AWS Control Tower's governance model, which is crucial for a successful deployment.
Ultimate access to all questions.
Consider a scenario where you need to deploy AWS Control Tower in an existing AWS environment that includes multiple accounts and resources. What steps would you take to ensure a successful deployment, including which services might need to be deactivated or reconfigured?
A
Deploy AWS Control Tower without any changes to existing services and accounts.
B
Deactivate all existing IAM roles and policies before deploying AWS Control Tower.
C
Review and potentially decommission conflicting services or configurations that might interfere with AWS Control Tower's governance model, such as existing SCPs or IAM roles that conflict with Control Tower's guardrails.
D
Deploy AWS Control Tower and then manually reconfigure all existing services to align with Control Tower's settings.
No comments yet.