SAA-C03 Question #218: Real Exam Question with Answer & Explanation

The correct answer is A: Use AWS Control Tower to set up an organization in AWS Organizations. Use AWS Control. A global company needs an automated solution to provision new AWS accounts on demand, including pre-configured IAM roles, AWS Config rules, and VPCs, with the least effort.

Submitted by khalil_dz · Mar 4, 2026 · Design Secure Architectures

Question

A global company is migrating its workloads from an on-premises data center to AWS. The AWS environment includes multiple AWS accounts, IAM roles, AWS Config rules, and a VPC. The company wants an automated process to provision new accounts on demand when the company's business units require new accounts. Which solution will meet these requirements with the LEAST effort?

Options

  • A. Use AWS Control Tower to set up an organization in AWS Organizations. Use AWS Control
  • B. Create an organization in AWS Organizations. Use the AWS CLI CreateAccount API action to
  • C. Create an AWS Lambda function that uses the AWS Organizations API to create new accounts.
  • D. Create an organization in AWS Organizations. Use AWS Step Functions to orchestrate the

Explanation

A global company needs an automated solution to provision new AWS accounts on demand, including pre-configured IAM roles, AWS Config rules, and VPCs, with the least effort.

Common mistakes.

  • B. Using the AWS CLI CreateAccount API action only creates the account; it does not automate the configuration of IAM roles, AWS Config rules, or VPCs within the new account, requiring significant additional manual or scripted effort.
  • C. Creating a custom AWS Lambda function to use the AWS Organizations API for account creation would require extensive development to implement and maintain all the desired configurations (IAM, Config, VPC) and governance, which is more effort than using a managed service like Control Tower.
  • D. While AWS Step Functions can orchestrate complex workflows, orchestrating the entire account provisioning process along with all baseline configurations (IAM, Config, VPC) from scratch would involve substantial custom development and ongoing maintenance, making it higher effort than AWS Control Tower.

Concept tested. Multi-account AWS environment provisioning and governance

Reference. https://docs.aws.amazon.com/controltower/latest/userguide/what-is-control-tower.html
