What should a SysOps administrator do to meet these requirements in the MOST operationally efficient way?
Use AWS CloudFormation Stack Sets to deploy stack instances that turn on AWS Config in all accounts and in all Regions.
Use AWS CloudFormation Stack Sets to deploy stack policies that turn on AWS Config in all accounts and in all Regions.
Use service control policies (SCPs) to configure AWS Config in all accounts and in all Regions.
Create a script that uses the AWS CLI to turn on AWS Config in all accounts in the organization. Run the script from the organization’s management account.
Explanations:
AWS CloudFormation StackSets can be used to deploy configurations across multiple accounts and Regions, allowing for the operationally efficient activation of AWS Config in all accounts and Regions.
Stack policies in CloudFormation are used to control what actions are allowed or denied during stack operations. They are not meant to enable or configure AWS Config in multiple accounts and Regions.
Service control policies (SCPs) are used to control access to AWS services at the organizational level, but they do not configure services like AWS Config. They cannot be used to turn on AWS Config.
Using a script with AWS CLI can work, but it is not the most efficient method. This approach would require manual management and would lack scalability compared to AWS CloudFormation StackSets.