
Answer-first summary for fast verification
Answer:
Deploy an AWS Lambda function to the shared services account. Program the Lambda function to assume a role in the new and existing member accounts to provision the necessary network infrastructure.
Create an AWS CloudFormation template that describes the infrastructure that needs to be created in each account. Upload the template as an AWS Service Catalog product to the shared services account.
Deploy an Amazon EventBridge rule on a default event bus in the shared services account. Configure the EventBridge rule to react to AWS Control Tower CreateManagedAccount lifecycle events and to invoke the AWS Lambda function.

To automate the deployment of common network components across the environment with the least operational overhead, the following steps are recommended:

A. Deploying an AWS Lambda function to the shared services account allows for the automation of network infrastructure provisioning across new and existing member accounts. This function can assume a role in each account to perform necessary actions, ensuring a centralized and automated approach.

C. Creating an AWS CloudFormation template that describes the required infrastructure and uploading it as an AWS Service Catalog product to the shared services account enables standardized and repeatable deployments. This approach leverages AWS Service Catalog for managing and provisioning infrastructure as products, ensuring consistency across accounts.

D. Deploying an Amazon EventBridge rule on a default event bus in the shared services account to react to AWS Control Tower CreateManagedAccount lifecycle events and to invoke the AWS Lambda function ensures that the deployment process is automatically triggered upon the creation of new accounts. This integration between EventBridge and Lambda facilitates a seamless and automated response to account creation events, further reducing operational overhead.

These steps collectively provide a robust solution for automating the deployment of network components across the environment, leveraging AWS services for efficiency and scalability.
Author: LeetQuiz Editorial Team
A network engineer is managing a large-scale migration from an on-premises data center to a multi-account environment based on AWS Control Tower. The environment includes a transit gateway deployed in a central network services account, which has been shared with an organization in AWS Organizations using AWS Resource Access Manager (AWS RAM). Additionally, a shared services account hosts workloads that need to be accessible across the entire organization.
The engineer must design a solution to automate the deployment of standard network components across the environment. This solution should provision a VPC for application workloads in each new and existing member account, ensuring these VPCs are connected to the transit gateway in the central network services account.
Which three steps should be combined to fulfill these requirements with minimal operational overhead?
A
Deploy an AWS Lambda function to the shared services account. Program the Lambda function to assume a role in the new and existing member accounts to provision the necessary network infrastructure.
B
Update the existing accounts with an Account Factory Customization (AFC). Select the same AFC when provisioning new accounts.
C
Create an AWS CloudFormation template that describes the infrastructure that needs to be created in each account. Upload the template as an AWS Service Catalog product to the shared services account.
D
Deploy an Amazon EventBridge rule on a default event bus in the shared services account. Configure the EventBridge rule to react to AWS Control Tower CreateManagedAccount lifecycle events and to invoke the AWS Lambda function.
E
Create an AWSControlTowerBlueprintAccess role in the shared services account.