ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified Solutions Architect - Associate SAA-C03 All Questions

View all questions & answers for the AWS Certified Solutions Architect - Associate SAA-C03 exam
Go to Exam

Exam AWS Certified Solutions Architect - Associate SAA-C03 topic 1 question 492 discussion

Exam question from Amazon's AWS Certified Solutions Architect - Associate SAA-C03
Question #: 492
Topic #: 1
[All AWS Certified Solutions Architect - Associate SAA-C03 Questions]

A company has multiple AWS accounts for development work. Some staff consistently use oversized Amazon EC2 instances, which causes the company to exceed the yearly budget for the development accounts. The company wants to centrally restrict the creation of AWS resources in these accounts.

Which solution will meet these requirements with the LEAST development effort?

  • A. Develop AWS Systems Manager templates that use an approved EC2 creation process. Use the approved Systems Manager templates to provision EC2 instances.
  • B. Use AWS Organizations to organize the accounts into organizational units (OUs). Define and attach a service control policy (SCP) to control the usage of EC2 instance types.
  • C. Configure an Amazon EventBridge rule that invokes an AWS Lambda function when an EC2 instance is created. Stop disallowed EC2 instance types.
  • D. Set up AWS Service Catalog products for the staff to create the allowed EC2 instance types. Ensure that staff can deploy EC2 instances only by using the Service Catalog products.
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
by Efren at May 18, 2023, 10:38 a.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
alexandercamachop
Highly Voted 1 year ago
Selected Answer: B
Anytime you see Multiple AWS Accounts, and needs to consolidate is AWS Organization. Also anytime we need to restrict anything in an organization, it is SCP policies.
upvoted 7 times
...
cloudenthusiast
Highly Voted 1 year, 1 month ago
Selected Answer: B
AWS Organizations: AWS Organizations is a service that helps you centrally manage multiple AWS accounts. It enables you to group accounts into organizational units (OUs) and apply policies across those accounts. Service Control Policies (SCPs): SCPs in AWS Organizations allow you to define fine-grained permissions and restrictions at the account or OU level. By attaching an SCP to the development accounts, you can control the creation and usage of EC2 instance types. Least Development Effort: Option B requires minimal development effort as it leverages the built-in features of AWS Organizations and SCPs. You can define the SCP to restrict the use of oversized EC2 instance types and apply it to the appropriate OUs or accounts.
upvoted 5 times
...
omarshaban
Most Recent 5 months, 1 week ago
IN MY EXAM
upvoted 4 times
...
Cyberkayu
6 months, 1 week ago
Selected Answer: B
B. Multiple AWS account, consolidate under one AWS Organization, top down policy (SCP) to all member account to restrict EC2 Type.
upvoted 3 times
...
Guru4Cloud
10 months ago
Selected Answer: B
Use AWS Organizations to organize the accounts into organizational units (OUs). Define and attach a service control policy (SCP) to control the usage of EC2 instance types.
upvoted 3 times
...
Ale1973
10 months, 2 weeks ago
Selected Answer: D
I have a question regarding this answer, what do they mean by "development effort"?: If they mean the work it takes to implement the solution (using develop as implement), option B achieves the constraint with little administrative overhead (there is less to do to configure this option). If by "development effort", they mean less effort for the development team, when development team try to deploy instances and gets errors because they are not allowed, this generates overhead. In this case the best option is D. What did you think?
upvoted 2 times
pentium75
5 months, 3 weeks ago
"Development effort" = Develop the solution that the question asks for. We don't care about the developers whose permissions we want to restrict.
upvoted 4 times
...
...
TariqKipkemei
11 months, 2 weeks ago
Selected Answer: B
Use AWS Organizations to organize the accounts into organizational units (OUs). Define and attach a service control policy (SCP) to control the usage of EC2 instance types
upvoted 3 times
...
Blingy
1 year ago
BBBBBBBBB
upvoted 2 times
...
elmogy
1 year ago
Selected Answer: B
I would choose B The other options would require some level of programming or custom resource creation: A. Developing Systems Manager templates requires development effort C. Configuring EventBridge rules and Lambda functions requires development effort D. Creating Service Catalog products requires development effort to define the allowed EC2 configurations. Option B - Using Organizations service control policies - requires no custom development. It involves: Organizing accounts into OUs Creating an SCP that defines allowed/disallowed EC2 instance types Attaching the SCP to the appropriate OUs This is a native AWS service with a simple UI for defining and managing policies. No coding or resource creation is needed. So option B, using Organizations service control policies, will meet the requirements with the least development effort.
upvoted 4 times
...
Efren
1 year, 1 month ago
B for me as well
upvoted 2 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago