SAP-C02 Question #644: Real Exam Question with Answer & Explanation
The correct answer is B: Use AWS Organizations to create a new organization from a chosen payer account and define an.
Question
A large company is migrating its entire IT portfolio to AWS. Each business unit in the company has a standalone AWS account that supports both development and test environments. New accounts to support production workloads will be needed soon. The finance department requires a centralized method for payment but must maintain visibility into each group's spending to allocate costs. The security team requires a centralized mechanism to control IAM usage in all the company's accounts. What combination of the following options meets the company's needs with the LEAST effort? (Choose two.)
Options
- A. Use a collection of parameterized AWS CloudFormation templates defining common IAM
- B. Use AWS Organizations to create a new organization from a chosen payer account and define an
- C. Require each business unit to use its own AWS accounts. Tag each AWS account appropriately
- D. Enable all features of AWS Organizations and establish appropriate service control policies that
- E. Consolidate all of the company's AWS accounts into a single AWS account. Use tags for billing
Explanation
To address centralized billing and cost allocation, along with centralized IAM control with the least effort, use AWS Organizations to set up a new organization with OUs and enable all features to establish Service Control Policies (SCPs).
Common mistakes.
- A. CloudFormation templates for IAM can automate policy creation but don't provide a centralized mechanism to control IAM usage across multiple accounts or consolidated billing.
- C. Requiring individual AWS accounts with tagging might help with cost allocation visibility but does not provide a centralized payment method or a centralized mechanism for controlling IAM usage across all accounts as efficiently as AWS Organizations.
- E. Consolidating all accounts into a single AWS account is generally not a best practice for large enterprises with distinct business units and environments, as it increases the blast radius and complicates access management compared to a multi-account strategy with Organizations.
Concept tested. AWS Organizations, consolidated billing, Service Control Policies
Reference. https://docs.aws.amazon.com/organizations/latest/userguide/orgs_introduction.html, https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scp.html