SAP-C02 Question #95: Real Exam Question with Answer & Explanation
The correct answer is C: Create the OrganizationAccountAccessRole IAM role in each member account. Grant permission. To centrally manage access policies in member accounts from the management account in AWS Organizations, an OrganizationAccountAccessRole must be present in each member account with a trust policy allowing the management account to assume it.
Question
A large payroll company recently merged with a small staffing company. The unified company now has multiple business units, each with its own existing AWS account. A solutions architect must ensure that the company can centrally manage the billing and access policies for all the AWS accounts. The solutions architect configures AWS Organizations by sending an invitation to all member accounts of the company from a centralized management account. What should the solutions architect do next to meet these requirements?
Options
- A. Create the OrganizationAccountAccess IAM group in each member account. Include the
- B. Create the OrganizationAccountAccessPolicy IAM policy in each member account. Connect the
- C. Create the OrganizationAccountAccessRole IAM role in each member account. Grant permission
- D. Create the OrganizationAccountAccessRole IAM role in the management account. Attach the
Explanation
To centrally manage access policies in member accounts from the management account in AWS Organizations, an OrganizationAccountAccessRole must be present in each member account with a trust policy that allows the management account to assume it. AWS Organizations creates this role automatically only in accounts it creates; accounts that join by invitation, as in this scenario, do not get it, so an administrator of each invited account must create the role, give its trust policy the management account as the principal for sts:AssumeRole, and attach the permissions (by convention the AdministratorAccess managed policy) that the management account should exercise there.
Common mistakes:
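As an added example, not part of the original question page, the following Python builds the trust policy the explanation refers to, lists the AWS CLI calls an administrator would run to create the role in an invited member account and then assume it from the management account, and audits an existing trust policy for the two defects a reviewer should look for: a wildcard principal (any account could assume the role) and a principal outside the management account. The account IDs and the weak sample policies are constructed for illustration.

```python
import json
import re
from typing import Dict, List

# Constructed sample account IDs for illustration only (not real AWS accounts).
MANAGEMENT_ACCOUNT_ID = "111111111111"
MEMBER_ACCOUNT_ID = "222222222222"
ROLE_NAME = "OrganizationAccountAccessRole"


def build_trust_policy(management_account_id: str) -> Dict:
    """Trust policy for the role in a member account: only principals in the
    management account may call sts:AssumeRole on it."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"AWS": f"arn:aws:iam::{management_account_id}:root"},
            "Action": "sts:AssumeRole",
        }],
    }


def _account_of(principal: str) -> str:
    """Extract the account ID from a principal ('123456789012', an IAM ARN, or '*')."""
    if principal == "*":
        return "*"
    if re.fullmatch(r"\d{12}", principal):
        return principal
    m = re.fullmatch(r"arn:aws:iam::(\d{12}):.*", principal)
    return m.group(1) if m else "unknown"


def check_trust_policy(policy: Dict, management_account_id: str) -> List[str]:
    """Audit a member-account trust policy. Returns findings; an empty list means
    the policy lets exactly the management account assume the role."""
    findings: List[str] = []
    allows = [s for s in policy.get("Statement", []) if s.get("Effect") == "Allow"]
    if not allows:
        return ["no Allow statement: the management account cannot assume the role"]
    for stmt in allows:
        actions = stmt.get("Action", [])
        actions = [actions] if isinstance(actions, str) else actions
        if not any(a in ("sts:AssumeRole", "sts:*", "*") for a in actions):
            findings.append(f"statement does not allow sts:AssumeRole: {actions}")
        principal = stmt.get("Principal", {})
        aws = principal if isinstance(principal, str) else principal.get("AWS", [])
        aws = [aws] if isinstance(aws, str) else aws
        for p in aws:
            acct = _account_of(p)
            if acct == "*":
                findings.append("wildcard principal: any AWS account could assume the role")
            elif acct != management_account_id:
                findings.append(f"principal outside the management account: {p}")
    return findings


# Constructed weak policies, for comparison with build_trust_policy().
WILDCARD_TRUST_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Principal": {"AWS": "*"}, "Action": "sts:AssumeRole"}],
}
FOREIGN_TRUST_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Principal": {"AWS": "333333333333"}, "Action": "sts:AssumeRole"}],
}


def setup_commands(management_account_id: str, member_account_id: str) -> List[str]:
    """AWS CLI steps: the first two run with credentials in the member account,
    the last runs from the management account."""
    trust = json.dumps(build_trust_policy(management_account_id))
    return [
        f"aws iam create-role --role-name {ROLE_NAME} --assume-role-policy-document '{trust}'",
        f"aws iam attach-role-policy --role-name {ROLE_NAME} "
        "--policy-arn arn:aws:iam::aws:policy/AdministratorAccess",
        f"aws sts assume-role --role-arn arn:aws:iam::{member_account_id}:role/{ROLE_NAME} "
        "--role-session-name org-admin",
    ]


if __name__ == "__main__":
    print(json.dumps(build_trust_policy(MANAGEMENT_ACCOUNT_ID), indent=2))
    for cmd in setup_commands(MANAGEMENT_ACCOUNT_ID, MEMBER_ACCOUNT_ID):
        print(cmd)
    print(check_trust_policy(WILDCARD_TRUST_POLICY, MANAGEMENT_ACCOUNT_ID))
```

The audit function is the part worth keeping around: once the role exists in every member account, the trust policy is the only thing standing between the management account and everyone else, so it is worth re-checking that the principal is still the management account and not a wildcard or a stray account ID.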
- A. IAM groups are used to manage permissions for users or roles within a single AWS account, not for establishing cross-account access from a management account to member accounts.
- B. While an IAM policy defines permissions, merely creating a policy in member accounts does not establish the cross-account trust relationship needed for the management account to assume administrative control.
- D. Creating an IAM role in the management account itself does not grant it access to member accounts; the role that grants cross-account access must reside in the target member account.
Concept tested: AWS Organizations cross-account access, IAM roles
Reference: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_access.html