Exam AWS Certified Solutions Architect - Professional SAP-C02 topic 1 question 367 discussion

C is the Answer: This setup enables centralized management of member accounts from the management account. Administrators in the management account can assume the OrganizationAccountAccessRole in member accounts to perform necessary actions, aligning with AWS best practices for Organizations. It simplifies the management and auditing of various accounts and ensures a standardized role exists across all accounts for consistent access control.

C https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_access.html#orgs_manage_accounts_create-cross-account-role

Option C is correct By creating an IAM role in each member account, you can define the specific permissions and controls for access to resources within that account. Granting permission to the management account to assume the IAM role allows administrators in one account to take control of another account, while still maintaining a centralized level of control. Option C is correct because it provides a way to: Centralize access to resources across multiple accounts Define specific permissions and controls for each account Allow administrators in one account to assume control of another account

Option C

Is it possible C ? Role in the each member account and management account just grant assume the role. How to implement it? @@

See: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_access.html

Answer: C

OrganizationAccountAccessRole is created in the member accounts and this role can be assumed by IAM users in the Management account to perform any actions in member accounts. Answer C.

Answer: C https://fullbacksystems.com/aws_organizations/

Answer D. Be is not correct To centrally manage the billing and access policies for all the AWS accounts of a company that has multiple business units, each with its own existing AWS account, the following steps can be taken: 1.Create an organization in AWS Organizations. Set up AWS Control Tower, and turn on the strongly recommended controls (guardrails). Join all accounts to the organization. Categorize the AWS accounts into OUs. 2.Create the OrganizationAccountAccessRole IAM role in the management account. Attach the AdministratorAccess AWS managed policy to the IAM role. Assign the IAM role to the administrators in each member account

Option B is the correct solution because it creates the OrganizationAccountAccessPolicy IAM policy in each member account and connects the member accounts to the management account by using cross-account access. This will ensure that the company can centrally manage the billing and access policies for all the AWS accounts.

Answer: C