AWS Certified Solutions Architect - Associate

Get started today

Ultimate access to all questions.

Deep dive into the quiz with AI chat providers.

We prepare a focused prompt with your quiz and certificate details so each AI can offer a more tailored, in-depth explanation.

A company wants to move from many standalone AWS accounts to a consolidated, multi-account architecture. The company plans to create many new AWS accounts for different business units. The company needs to authenticate access to these AWS accounts by using a centralized corporate directory service.

Which combination of actions should a solutions architect recommend to meet these requirements? (Choose two.)

Other

Community

UAnonymous

Last updated: February 23, 2026 at 11:39

Create a new organization in AWS Organizations with all features turned on. Create the new AWS accounts in the organization.

Set up an Amazon Cognito identity pool. Configure AWS IAM Identity Center (AWS Single Sign-On) to accept Amazon Cognito authentication.

Configure a service control policy (SCP) to manage the AWS accounts. Add AWS IAM Identity Center (AWS Single Sign-On) to AWS Directory Service.

Create a new organization in AWS Organizations. Configure the organization's authentication mechanism to use AWS Directory Service directly.

Set up AWS IAM Identity Center (AWS Single Sign-On) in the organization. Configure IAM Identity Center, and integrate it with the company’s corporate directory service.

Explanation:

Explanation

Correct Answers: A and E

A. Create a new organization in AWS Organizations with all features turned on. Create the new AWS accounts in the organization.

AWS Organizations is the foundational service for managing multiple AWS accounts in a consolidated architecture
Creating a new organization with all features enabled provides centralized management capabilities
Creating new AWS accounts within the organization ensures they are properly structured and managed under the organization

E. Set up AWS IAM Identity Center (AWS Single Sign-On) in the organization. Configure IAM Identity Center, and integrate it with the company’s corporate directory service.

IAM Identity Center (formerly AWS SSO) provides centralized authentication and access management across multiple AWS accounts
It can integrate with corporate directory services (like Active Directory, Okta, etc.) for centralized authentication
This meets the requirement for using a centralized corporate directory service for authentication

Why other options are incorrect:

B. Set up an Amazon Cognito identity pool. Configure AWS IAM Identity Center (AWS Single Sign-On) to accept Amazon Cognito authentication.

Amazon Cognito is primarily for web and mobile application user authentication, not for centralized corporate directory integration
This approach adds unnecessary complexity and doesn't directly address corporate directory integration

C. Configure a service control policy (SCP) to manage the AWS accounts. Add AWS IAM Identity Center (AWS Single Sign-On) to AWS Directory Service.

SCPs are for permission boundaries, not for account creation or authentication setup
The phrasing "Add AWS IAM Identity Center to AWS Directory Service" is backwards - IAM Identity Center integrates with directory services

D. Create a new organization in AWS Organizations. Configure the organization's authentication mechanism to use AWS Directory Service directly.

AWS Organizations doesn't have a direct authentication mechanism that can use AWS Directory Service
Authentication is handled through IAM Identity Center or other identity providers, not directly through Organizations

Key Architecture Principles:

AWS Organizations provides the multi-account management framework
IAM Identity Center provides centralized authentication across accounts
Corporate Directory Integration enables using existing corporate credentials
SCPs can be added later for permission boundaries, but aren't required for authentication setup

Powered ByGPT-5.2

Comments

Loading comments...