A SysOps Administrator needs to create a replica of a company's existing AWS infrastructure in a new AWS account. Currently, an AWS Service Catalog portfolio is used to create and manage resources. What is the MOST efficient way to accomplish this?
A.
Create an AWS CloudFormation template to use the AWS Service Catalog portfolio in the new AWS account.
B.
Manually create an AWS Service Catalog portfolio in the new AWS account that duplicates the original portfolio.
C.
Run an AWS Lambda function to create a new AWS Service Catalog portfolio based on the output of the DescribePortfolio API operation.
D.
Share the AWS Service Catalog portfolio with the other AWS accounts and import the portfolio into the other AWS accounts.
D. Share the AWS Service Catalog portfolio with the other AWS accounts and import the portfolio into the other AWS accounts.
https://docs.aws.amazon.com/servicecatalog/latest/adminguide/catalogs_portfolios_sharing.html
They asking to create a replica of the companies infrastructure
Infrastructure can be VPC , Compute etc. Keep I'm mind that the request is to be most efficient. If selecting D as the option. That would mean you would need to share the SC portfolio with each account and still build the infrastructure
A seems much more efficient as it will allow you to reference the SC portfolio along with the infrastructure and just role it out using a CFT.
So my guess here is A based on this
A Service Catalog can contain Cloudformation template that creates the infrastructure.
Catalog administrators (administrators) – Manage a catalog of products (applications and services), organizing them into portfolios and granting access to end users. Catalog administrators prepare AWS CloudFormation templates, configure constraints, and manage IAM roles that are assigned to products to provide for advanced resource management.
https://docs.aws.amazon.com/servicecatalog/latest/adminguide/what-is_concepts.html
Option D leverages the sharing and importing capabilities of AWS Service Catalog, which is the most efficient way to replicate the portfolio and resources to the new AWS account.
https://docs.aws.amazon.com/servicecatalog/latest/adminguide/catalogs_portfolios_sharing.html
The way i see it is everything is set up in service catalog as per the question, all the sysops team needs to do it is share the portfolio which can be used to execute replication.
Checkout "Can I share my portfolio with other AWS accounts?" question in https://aws.amazon.com/servicecatalog/faqs/ The only thing needed is account ID to share with and ARN of portfolio. Therefore, the most efficient answer is D
for me it's D. Cuz you have to share portfolio before to be able to use it in another account and they have already created infrastructure in AWS Service Catalog (it means they have the CloudFormation Template setup). It's means they share the portfolio and in new account they will just deploy the infrastructure in way of a few clicks. SIMPLE
I think its D:
Q: Can I share my portfolio with other AWS accounts?
Yes. You can share your portfolios with users in one or more other AWS accounts. When you share your portfolio with other AWS accounts, you retain ownership and control of the portfolio. Only you can make changes, such as adding new products or updating products. You, and only you, can also “unshare” your portfolio at any time. Any products, or stacks, currently in use will continue to run until the stack owner decides to terminate them.
To share your portfolio, you specify the account ID you want to share with, and then send the Amazon Resource Number (ARN) of the portfolio to that account. The owner of that account can create a link to this shared portfolio, and then assign IAM users from that account to the portfolio. To help end users with discovery, you can curate a directory of portfolios.
https://aws.amazon.com/servicecatalog/faqs/
A -https://aws.amazon.com/blogs/mt/how-to-set-up-a-multi-region-multi-account-catalog-of-company-standard-aws-service-catalog-products/
"Before you share your products and portfolios to other accounts, you must decide whether you want to share a reference of the catalog or to deploy a copy of the catalog into each recipient account. Note that if you deploy a copy, you must redeploy if there are updates you want to propagate to the recipient accounts. You can use stack sets to deploy your catalog to many accounts at the same time."
I am going with A. Because if you share a portfolio, The imported portfolio isn't an independent copy. The products and constraints in the imported portfolio stay in sync with changes that you make to the shared portfolio, the original portfolio that you shared.
But how can you use a cloudformation template based on the portfolio if you didn't share the portfolio?
Also as @jaribu explains, you can have a full "template" available in your portfolio to create the landscape. And if templates are well done: mapping / conditions / parameters are used
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
nicat
Highly Voted 2 years, 7 months agoAWS_Noob
Highly Voted 2 years, 7 months agojaribu
2 years, 6 months agoAWS_Noob
2 years, 6 months agoalbert_kuo
Most Recent 9 months, 1 week agoFinger41
1 year, 9 months agoaidenpearce01
2 years, 1 month agoChirantan
2 years, 5 months agoabhishek_m_86
2 years, 5 months agobillcayman
2 years, 5 months agoNivNZ
2 years, 6 months agojackdryan
2 years, 6 months agoweril
2 years, 6 months agoMFDOOM
2 years, 6 months agoA3A3
2 years, 6 months agosmartassX
2 years, 6 months agoPolu
2 years, 6 months agoJimmy5
2 years, 6 months agoMegatonN
2 years, 6 months agokung07
2 years, 7 months agoAWSum1
2 years, 6 months ago