AWS Certified Advanced Networking - Specialty

A network engineer is managing a large-scale migration from an on-premises data center to a multi-account environment based on AWS Control Tower. The environment includes a transit gateway deployed in a central network services account, which has been shared with an organization in AWS Organizations using AWS Resource Access Manager (AWS RAM). Additionally, a shared services account hosts workloads that need to be accessible across the entire organization.

The engineer must design a solution to automate the deployment of standard network components across the environment. This solution should provision a VPC for application workloads in each new and existing member account, ensuring these VPCs are connected to the transit gateway in the central network services account.

Which three steps should be combined to fulfill these requirements with minimal operational overhead?





Explanation:

To automate the deployment of common network components across the environment with the least operational overhead, the following steps are recommended:

A. Deploying an AWS Lambda function to the shared services account allows for the automation of network infrastructure provisioning across new and existing member accounts. This function can assume a role in each account to perform necessary actions, ensuring a centralized and automated approach.

C. Creating an AWS CloudFormation template that describes the required infrastructure and uploading it as an AWS Service Catalog product to the shared services account enables standardized and repeatable deployments. This approach leverages AWS Service Catalog for managing and provisioning infrastructure as products, ensuring consistency across accounts.

D. Deploying an Amazon EventBridge rule on the default event bus in the shared services account that reacts to AWS Control Tower CreateManagedAccount lifecycle events and invokes the AWS Lambda function ensures that the deployment process is triggered automatically whenever a new account is created. This EventBridge-to-Lambda integration gives an event-driven response to account creation and further reduces operational overhead.
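The following is an added example, not code from the original page or from AWS, showing the decision logic of the Lambda function that such an EventBridge rule would invoke. It contains the event pattern the rule would carry, a small matcher for it, and a handler that only proceeds for a successful CreateManagedAccount event and turns it into a provisioning plan (which account, which role to assume there, which Service Catalog product to launch). The role name `AWSControlTowerExecution`, the product name `standard-workload-vpc`, the account IDs and the `provision` hook are assumptions made for this example; the real STS AssumeRole and Service Catalog ProvisionProduct calls are left behind that hook so the logic runs offline. It also assumes the lifecycle events actually reach the shared services account's default bus (Control Tower publishes them in the management account, so a forwarding rule from there is implied).

```python
"""Added example: Lambda decision logic for Control Tower
CreateManagedAccount lifecycle events (not the page's or AWS's own code).
All ARNs, role and product names below are assumptions."""
from typing import Any, Callable, Optional

# Event pattern as it would be configured on the EventBridge rule.  The
# source, detail-type and eventName values are the ones Control Tower emits.
LIFECYCLE_EVENT_PATTERN = {
    "source": ["aws.controltower"],
    "detail-type": ["AWS Service Event via CloudTrail"],
    "detail": {"eventName": ["CreateManagedAccount"]},
}

# Assumptions for this example: the role the function assumes in the new
# account and the Service Catalog product that builds the VPC and its
# transit gateway attachment.
EXECUTION_ROLE_NAME = "AWSControlTowerExecution"   # assumed role name
NETWORK_PRODUCT_NAME = "standard-workload-vpc"     # hypothetical product name


def matches_pattern(pattern: dict, event: dict) -> bool:
    """Minimal EventBridge pattern matcher: every key in the pattern must be
    present in the event; a list means 'value equals one of these' and a
    dict recurses into the nested object."""
    for key, expected in pattern.items():
        if key not in event:
            return False
        actual = event[key]
        if isinstance(expected, dict):
            if not isinstance(actual, dict) or not matches_pattern(expected, actual):
                return False
        elif actual not in expected:
            return False
    return True


def plan_provisioning(event: dict) -> Optional[dict]:
    """Turn a lifecycle event into a provisioning plan, or None when it is
    not a *successful* CreateManagedAccount (a failed enrolment gets no VPC)."""
    if not matches_pattern(LIFECYCLE_EVENT_PATTERN, event):
        return None
    status = event["detail"]["serviceEventDetails"]["createManagedAccountStatus"]
    if status.get("state") != "SUCCEEDED":
        return None
    account_id = status["account"]["accountId"]
    return {
        "account_id": account_id,
        "account_name": status["account"]["accountName"],
        "role_arn": f"arn:aws:iam::{account_id}:role/{EXECUTION_ROLE_NAME}",
        "product": NETWORK_PRODUCT_NAME,
    }


def handler(event: dict, context: Any = None,
            provision: Optional[Callable[[dict], str]] = None) -> dict:
    """Lambda entry point.  `provision` is the hook that would call STS
    AssumeRole with plan["role_arn"] and then Service Catalog
    ProvisionProduct; it is injected so the function is testable offline."""
    plan = plan_provisioning(event)
    if plan is None:
        return {"status": "ignored"}
    record_id = provision(plan) if provision else "dry-run"
    return {"status": "provisioned", "account_id": plan["account_id"],
            "record_id": record_id}


# Constructed sample event in the shape Control Tower emits (values made up).
SAMPLE_EVENT = {
    "source": "aws.controltower",
    "detail-type": "AWS Service Event via CloudTrail",
    "detail": {
        "eventName": "CreateManagedAccount",
        "serviceEventDetails": {
            "createManagedAccountStatus": {
                "state": "SUCCEEDED",
                "account": {"accountId": "111122223333", "accountName": "app-team-a"},
                "organizationalUnit": {"organizationalUnitName": "Workloads"},
            }
        },
    },
}

if __name__ == "__main__":
    print(handler(SAMPLE_EVENT))
```

For existing member accounts the same `handler` can be driven from a one-off script that synthesises one plan per account ID, so new and pre-existing accounts go through identical provisioning code; the success-state check matters because Control Tower also emits the event for enrolments that failed.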

These steps collectively provide a robust solution for automating the deployment of network components across the environment, leveraging AWS services for efficiency and scalability.