
Answer-first summary for fast verification
Answer: Create a new organization in AWS Organizations with all features turned on. Create the new AWS accounts in the organization. Set up AWS IAM Identity Center (AWS Single Sign-On) in the organization. Configure IAM Identity Center, and integrate it with the company's corporate directory service.
## Explanation

**Correct Answers: A and E**

**A. Create a new organization in AWS Organizations with all features turned on. Create the new AWS accounts in the organization.**
- AWS Organizations is the foundational service for managing multiple AWS accounts in a consolidated architecture
- Creating a new organization with all features enabled provides centralized management capabilities
- Creating new AWS accounts within the organization ensures they are properly structured and managed under the organization

**E. Set up AWS IAM Identity Center (AWS Single Sign-On) in the organization. Configure IAM Identity Center, and integrate it with the company's corporate directory service.**
- IAM Identity Center (formerly AWS SSO) provides centralized authentication and access management across multiple AWS accounts
- It can integrate with corporate directory services (such as Active Directory or Okta) for centralized authentication
- This meets the requirement to use a centralized corporate directory service for authentication

**Why other options are incorrect:**

**B. Set up an Amazon Cognito identity pool. Configure AWS IAM Identity Center (AWS Single Sign-On) to accept Amazon Cognito authentication.**
- Amazon Cognito is primarily for web and mobile application user authentication, not for centralized corporate directory integration
- This approach adds unnecessary complexity and does not directly address corporate directory integration

**C. Configure a service control policy (SCP) to manage the AWS accounts. Add AWS IAM Identity Center (AWS Single Sign-On) to AWS Directory Service.**
- SCPs are for permission boundaries, not for account creation or authentication setup
- The phrasing "Add AWS IAM Identity Center to AWS Directory Service" is backwards: IAM Identity Center integrates with directory services, not the other way around

**D. Create a new organization in AWS Organizations. Configure the organization's authentication mechanism to use AWS Directory Service directly.**
- AWS Organizations has no direct authentication mechanism that can use AWS Directory Service
- Authentication is handled through IAM Identity Center or other identity providers, not directly through Organizations

**Key Architecture Principles:**
1. **AWS Organizations** provides the multi-account management framework
2. **IAM Identity Center** provides centralized authentication across accounts
3. **Corporate Directory Integration** enables using existing corporate credentials
4. **SCPs** can be added later for permission boundaries, but are not required for authentication setup
Author: LeetQuiz Editorial Team
A company wants to move from many standalone AWS accounts to a consolidated, multi-account architecture. The company plans to create many new AWS accounts for different business units. The company needs to authenticate access to these AWS accounts by using a centralized corporate directory service.
Which combination of actions should a solutions architect recommend to meet these requirements? (Choose two.)
A. Create a new organization in AWS Organizations with all features turned on. Create the new AWS accounts in the organization.
B. Set up an Amazon Cognito identity pool. Configure AWS IAM Identity Center (AWS Single Sign-On) to accept Amazon Cognito authentication.
C. Configure a service control policy (SCP) to manage the AWS accounts. Add AWS IAM Identity Center (AWS Single Sign-On) to AWS Directory Service.
D. Create a new organization in AWS Organizations. Configure the organization's authentication mechanism to use AWS Directory Service directly.
E. Set up AWS IAM Identity Center (AWS Single Sign-On) in the organization. Configure IAM Identity Center, and integrate it with the company's corporate directory service.