What should the solutions architect do to meet these requirements?

By:
In: SAA-C02
Tagged:
With: 0 Comments
A company develops applications in separate AWS accounts that are all part of an organization in AWS Organizations.An operations team creates an IAM user for each developer for a given application.As the company has grown, the number of applications has increased.Developers now work on several applications and need to view and access all their project accounts.A solutions architect must design a solution that minimizes the operational overhead for the operations team.

What should the solutions architect do to meet these requirements?

Implement AWS Single Sign-On for the organization.

Consolidate all the AWS accounts into a single account for all users and applications.

Use AWS CloudFormation StackSets to programmatically create IAM users in each account.

Create a shared services account. Create all the IAM users in the shared services account. Configure cross-account access roles with appropriate access to each account.

Explanations:

AWS Single Sign-On (SSO) enables centralized access management, allowing users to access multiple AWS accounts within an organization easily. It reduces operational overhead by simplifying user management and access.

Consolidating accounts increases security risks and limits isolation between applications, making it unsuitable for a multi-account structure. It also creates administrative challenges as the company grows.

CloudFormation StackSets can create resources across accounts, but managing individual IAM users this way increases complexity, as changes need to be managed across accounts, not reducing the operational overhead.

A shared services account with cross-account roles adds complexity and management overhead for access control, as the operations team would still manage roles and permissions for each account individually.

2025-01-05

Leave a Reply

Your email address will not be published. Required fields are marked *

three + eleven =