Exam AWS Certified Solutions Architect - Professional topic 1 question 495 discussion

BD A: While CloudFormation is a good start, remember this does not prevent changes after the stack has been deployed. B: This looks likely. C: This does not allow Finance to view the bill in a centralized manner which is a requirement. D: This is the best way to meet the security requirements. SCPs offer central control over the maximum available permissions for all accounts in your organization, allowing you to ensure your accounts stay within your organization’s access control guidelines. E: It’s best to use different accounts for dev\test and prod.

I would go for B, D.

The combination of options that meet the company's needs with the least effort is B and D. Option B suggests using AWS Organizations to create a new organization from a chosen payer account, establish an organizational unit hierarchy, and invite existing accounts to join the organization. This will provide centralized billing and payment while maintaining visibility into each group's spending. Option D suggests enabling all features of AWS Organizations and establishing appropriate service control policies (SCPs) that filter IAM permissions for sub-accounts. This will provide centralized control over IAM usage in all the company's accounts. By implementing both options B and D, the company can achieve centralized payment and cost allocation through AWS Organizations, while also maintaining centralized control over IAM usage through service control policies.

B and D are correct ans

B,D https://aws.amazon.com/organizations/faqs/

There are two requirements here - 1. Finance needs [ B ] 2. Security Teams needs [ D ]

B. Use AWS Organizations to create a new organization from a chosen payer account and define an organizational unit hierarchy. Invite the existing accounts to join the organization and create new accounts using Organizations. D. Enable all features of AWS Organizations and establish appropriate service control policies that filter IAM permissions for sub-accounts.

B,D is right

B correct - you will see cost allocated for each connected account D correct - "centralized mechanism to control IAM usage in all the company's accounts"

I'll go for B,D

It's B and D

Will go with C,D Tags, Cost Explorer and SCP

AWS Organization is ok for consolidated billing (https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/useconsolidatedbilling-procedure.html), it's at account level but finance department need maintain visibility into each GROUP’s spending. That's why we need tag to solve this, also tag is a best pratices for cost allocation (https://d1.awsstatic.com/whitepapers/aws-tagging-best-practices.pdf#:~:text=Amazon%20Web%20Services%20allows%20customers,search%20for%2C%20and%20filter%20resources.)

I go with BD

Correct answer BD. Organization and SCP

https://aws.amazon.com/premiumsupport/knowledge-center/consolidated-linked-billing-report/ Show individual account usage in the organization... therefore C & D

B And D are the answers.