Which combination of steps should be included in the solution?

By:
On:
In: SAP-C01
Tagged:
With: 0 Comments
A Solutions Architect is designing a multi-account structure that has 10 existing accounts.The design must meet the following requirements:✑ Consolidate all accounts into one organization.✑ Allow full access to the Amazon EC2 service from the master account and the secondary accounts.✑ Minimize the effort required to add additional secondary accounts.

Which combination of steps should be included in the solution?

(Choose two.)

Create an organization from the master account. Send invitations to the secondary accounts from the master account. Accept the invitations and create an OU.

Create an organization from the master account. Send a join request to the master account from each secondary account. Accept the requests and create an OU.

Create a VPC peering connection between the master account and the secondary accounts. Accept the request for the VPC peering connection.

Create a service control policy (SCP) that enables full EC2 access, and attach the policy to the OU.

Create a full EC2 access policy and map the policy to a role in each account. Trust every other account to assume the role.

Explanations:

Creating an organization from the master account and sending invitations to the secondary accounts allows for easy consolidation. Once the accounts accept the invitations, the organization can be structured with organizational units (OUs) for better management.

This option suggests that the secondary accounts send join requests to the master account. While it would allow joining the organization, it is not the typical or recommended method for account consolidation, as invitations from the master account are preferred for organizational hierarchy.

Creating a VPC peering connection is not relevant for consolidating accounts into an organization. It is a networking feature that connects VPCs, but it does not facilitate account management or access permissions across accounts.

Service Control Policies (SCPs) are essential in AWS Organizations for managing permissions across accounts. By creating an SCP that allows full EC2 access and attaching it to the OU, full access can be granted to the master and secondary accounts efficiently.

While creating a policy and mapping it to a role can allow for access, it requires more effort to manage roles and trust relationships across multiple accounts. SCPs provide a more centralized and simpler way to manage permissions across accounts in an organization.

Leave a Reply

Your email address will not be published. Required fields are marked *

three × 1 =