Which solution will meet these requirements?
Enable CloudWatch cross-account observability for the monitoring account. Deploy an AWS CloudFormation template provided by the monitoring account in each AWS account to share the data with the monitoring account.
Set up service control policies (SCPs) to provide access to CloudWatch in the monitoring account under the Organizations root organizational unit (OU).
Configure a new IAM user in the monitoring account. In each AWS account, configure an IAM policy to have access to query and visualize the CloudWatch data in the account. Attach the new IAM policy to the new IAM user.
Create a new IAM user in the monitoring account. Create cross-account IAM policies in each AWS account. Attach the IAM policies to the new IAM user.
Explanations:
Enabling CloudWatch cross-account observability allows the monitoring account to collect and visualize observability data from all member accounts. Deploying an AWS CloudFormation template in each account ensures that the necessary permissions and configurations are set up to share the data with the monitoring account, effectively meeting the requirement of centralized observability.
Service control policies (SCPs) are used to manage permissions at the organization level but do not provide the necessary mechanisms for cross-account data sharing. SCPs alone cannot enable observability or data sharing among accounts without the proper configurations or roles in place.
While configuring an IAM user in the monitoring account with IAM policies in each AWS account could allow data access, it does not facilitate the data sharing required for observability. Each account would need to allow cross-account access explicitly, which is not accomplished merely through an IAM user setup.
Creating a new IAM user in the monitoring account and setting up cross-account IAM policies could allow some level of access; however, this method does not inherently enable the comprehensive observability needed for monitoring across accounts. It lacks the automation and standardization provided by CloudWatch cross-account observability, making it less effective for this purpose.