What is the MOST operationally efficient configuration to meet these requirements?

By:
On:
In: SAP-C01
Tagged:
With: 0 Comments
A company has a policy that all Amazon EC2 instances that are running a database must exist within the same subnets in a shared VPC.Administrators must follow security compliance requirements and are not allowed to directly log in to the shared account.All company accounts are members of the same organization in AWS Organizations.The number of accounts will rapidly increase as the company grows.A solutions architect uses AWS Resource Access Manager to create a resource share in the shared account.

What is the MOST operationally efficient configuration to meet these requirements?

Add the VPC to the resource share. Add the account IDs as principals

Add all subnets within the VPC to the resource share. Add the account IDs as principals

Add all subnets within the VPC to the resource share. Add the organization as a principal

Add the VPC to the resource share. Add the organization as a principal

Explanations:

Adding only the VPC to the resource share would not expose individual subnets to the target accounts, preventing the database instances from launching in specific shared subnets.

Adding subnets and account IDs individually is not scalable as the number of accounts grows. This setup would require continuous manual updates to add new accounts.

Sharing subnets with the organization allows all current and future member accounts to use the specified subnets without individual account updates, achieving operational efficiency.

Sharing the VPC only would not grant access to specific subnets, which is needed for the database instances to meet the company policy.

Leave a Reply

Your email address will not be published. Required fields are marked *

1 × one =