Which combination of steps should the solutions architect take to meet these requirements?

By:
In: SAP-C02
Tagged:
With: 1 Comment
A company has multiple lines of business (LOBs) that roll up to the parent company.The company has asked its solutions architect to develop a solution with the following requirements:• Produce a single AWS invoice for all of the AWS accounts used by its LOBs.• The costs for each LOB account should be broken out on the invoice.• Provide the ability to restrict services and features in the LOB accounts, as defined by the company’s governance policy.• Each LOB account should be delegated full administrator permissions, regardless of the governance policy.

Which combination of steps should the solutions architect take to meet these requirements?

(Choose two.)

Use AWS Organizations to create an organization in the parent account for each LOB. Then invite each LOB account to the appropriate organization.

Use AWS Organizations to create a single organization in the parent account. Then, invite each LOB’s AWS account to join the organization.

Implement service quotas to define the services and features that are permitted and apply the quotas to each LOB. as appropriate.

Create an SCP that allows only approved services and features, then apply the policy to the LOB accounts.

Enable consolidated billing in the parent account’s billing console and link the LOB accounts.

Explanations:

While creating separate organizations for each LOB might seem like a logical approach, it does not fulfill the requirement of producing a single AWS invoice or managing services effectively across all LOBs. A single organization structure is more suitable for consolidated billing.

Using AWS Organizations to create a single organization allows the parent account to consolidate billing for all LOB accounts. This meets the requirement of producing a single AWS invoice for all accounts while enabling visibility and management across the organization.

Service quotas define the limits for the usage of AWS services but do not provide the necessary governance policy enforcement across accounts. Service quotas alone do not restrict services or features effectively as specified in the requirements.

Creating a Service Control Policy (SCP) allows the company to restrict the services and features that can be used within the LOB accounts, aligning with the governance policy. This ensures that even with full administrative privileges, the LOB accounts operate within defined boundaries.

While enabling consolidated billing is a necessary step for producing a single invoice, it is not sufficient on its own to meet all the requirements, such as service restrictions and governance. It must be combined with SCPs for full compliance with the governance policy.

2025-10-10

1 Comment

  1. Gregory
    Author

    From my perspective, the answer is:
    Use AWS Organizations to create a single organization in the parent account. Then, invite each LOB’s AWS account to join the organization.

Leave a Reply

Your email address will not be published. Required fields are marked *

nineteen − twelve =