
Exam AWS Certified DevOps Engineer - Professional DOP-C02 topic 1 question 147 discussion

AnyCompany is using AWS Organizations to create and manage multiple AWS accounts. AnyCompany recently acquired a smaller company, Example Corp. During the acquisition process, Example Corp's single AWS account joined AnyCompany's management account through an Organizations invitation. AnyCompany moved the new member account under an OU that is dedicated to Example Corp.

AnyCompany's DevOps engineer has an IAM user that assumes a role that is named OrganizationAccountAccessRole to access member accounts. This role is configured with a full access policy. When the DevOps engineer tries to use the AWS Management Console to assume the role in Example Corp's new member account, the DevOps engineer receives the following error message: "Invalid information in one or more fields. Check your information or contact your administrator."

Which solution will give the DevOps engineer access to the new member account?

  • A. In the management account, grant the DevOps engineer's IAM user permission to assume the OrganizationAccountAccessRole IAM role in the new member account.
  • B. In the management account, create a new SCP. In the SCP, grant the DevOps engineer's IAM user full access to all resources in the new member account. Attach the SCP to the OU that contains the new member account.
  • C. In the new member account, create a new IAM role that is named OrganizationAccountAccessRole. Attach the AdministratorAccess AWS managed policy to the role. In the role's trust policy, grant the management account permission to assume the role.
  • D. In the new member account, edit the trust policy for the OrganizationAccountAccessRole IAM role. Grant the management account permission to assume the role.
Suggested Answer: C

Comments

VerRi
1 week, 1 day ago
Selected Answer: D
"IAM user that assumes a role that is named OrganizationAccountAccessRole", the role is already there
upvoted 1 times
...
heff_bezos
1 month, 3 weeks ago
Selected Answer: D
The question states that the role already exists with a full access policy. This role exists in the new member account. We need to give the IAM user from the management account the ability to assume it.
upvoted 1 times
...
aws_god
2 months ago
Selected Answer: D
This role is created by default in member accounts. See: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_access.html
upvoted 1 times
heff_bezos
1 month, 3 weeks ago
"By default, if you create a member account as part of your organization, AWS automatically creates a role in the account that grants administrator permissions to IAM users in the management account who can assume the role. By default, that role is named OrganizationAccountAccessRole" https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_create-cross-account-role.html
upvoted 1 times
...
...
c3518fc
6 months, 3 weeks ago
Selected Answer: C
To create an AWS Organizations administrator role in a member account:
1. Sign in to the IAM console at https://console.aws.amazon.com/iam/. You must sign in as an IAM user, assume an IAM role, or sign in as the root user (not recommended) in the member account. The user or role must have permission to create IAM roles and policies.
2. In the IAM console, navigate to Roles and then choose Create role.
3. Choose AWS account, and then select Another AWS account.
4. Enter the 12-digit account ID number of the management account that you want to grant administrator access to. Under Options, please note the following:
5. On the Add permissions page, choose the AWS managed policy named AdministratorAccess and then choose.
https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_access.html#orgs_manage_accounts_create-cross-account-role
upvoted 3 times
...
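The comments turn on two things: whether OrganizationAccountAccessRole exists in the invited account, and whether its trust policy names the management account. The Python sketch below is an added example, not part of any comment or of the AWS documentation; it builds the trust policy the procedure above describes and classifies a member account's role as missing, untrusted or ok. The account IDs and the `member_roles` dictionary are constructed placeholders.

```python
# Added example: constructed account IDs; policy documents are plain dicts.
MANAGEMENT_ACCOUNT_ID = "111111111111"   # placeholder management account
ROLE_NAME = "OrganizationAccountAccessRole"

def build_trust_policy(management_account_id):
    """Trust policy letting the management account assume the role."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"AWS": f"arn:aws:iam::{management_account_id}:root"},
            "Action": "sts:AssumeRole",
        }],
    }

def _as_list(value):
    # IAM JSON allows a single value or a list in most positions.
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def _account_of(principal):
    """Account ID for an account-level principal (bare ID or :root ARN), else None."""
    if len(principal) == 12 and principal.isdigit():
        return principal
    parts = principal.split(":")
    if len(parts) == 6 and parts[0] == "arn" and parts[2] == "iam" and parts[5] == "root":
        return parts[4]
    return None

def trusts_account(trust_policy, account_id):
    """True if an Allow statement lets account_id call sts:AssumeRole.
    Simplification: Condition blocks and Deny statements are not evaluated."""
    for stmt in _as_list(trust_policy.get("Statement")):
        actions = [a.lower() for a in _as_list(stmt.get("Action"))]
        principal = stmt.get("Principal")
        if stmt.get("Effect") != "Allow" or not isinstance(principal, dict):
            continue
        if not {"sts:assumerole", "sts:*", "*"} & set(actions):
            continue
        if any(_account_of(p) == account_id for p in _as_list(principal.get("AWS"))):
            return True
    return False

def diagnose(member_roles, management_account_id):
    """member_roles maps role name -> trust policy for one member account."""
    policy = member_roles.get(ROLE_NAME)
    if policy is None:
        return "missing"      # role has to be created in the member account
    if trusts_account(policy, management_account_id):
        return "ok"
    return "untrusted"        # role exists; trust policy must name the management account
```

In a real account the `member_roles` input would come from the role's trust policy document as returned by IAM; here it is supplied directly so the check runs offline.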
Andy11234912
7 months, 1 week ago
Selected Answer: D
Not C, the role is already created.
upvoted 1 times
Jay_2pt0_1
4 months, 4 weeks ago
From reading the question, I'm not sure.
upvoted 1 times
...
...
sirronido
7 months, 1 week ago
D. The role is already created; what is needed is just to update the trust policy.
upvoted 1 times
...
DanShone
8 months ago
C is correct
upvoted 1 times
...
thanhnv142
9 months, 1 week ago
Selected Answer: C
C is correct: <assume the role in Example Corp's new member account> means this role has not been properly configured (or not even created).
A: only mentions assuming the role, not creating it.
B: SCP has nothing to do here.
D: only mentions creating the trust relationship.
upvoted 4 times
...
twogyt
10 months ago
Selected Answer: C
C is correct
upvoted 3 times
...
zain1258
11 months, 3 weeks ago
Selected Answer: C
C is correct
upvoted 3 times
...
radev
11 months, 3 weeks ago
Selected Answer: C
https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_access.html#orgs_manage_accounts_create-cross-account-role
upvoted 4 times
...
tom_cat
11 months, 3 weeks ago
For invited accounts the OrganizationAccountAccessRole needs to be created: Member accounts that you invite to join your organization do not automatically get an administrator role created. You have to do this manually, as shown in the following procedure. This essentially duplicates the role automatically set up for created accounts. We recommend that you use the same name, OrganizationAccountAccessRole, for your manually created roles for consistency and ease of remembering.
upvoted 2 times
tom_cat
11 months, 3 weeks ago
So I believe it's C.
upvoted 2 times
...
...
vandergun
11 months, 3 weeks ago
Selected Answer: A
A should be correct
upvoted 1 times
...