ExpertAWS SAP-C02 · Question 04 · Domain 1.4: Multi-Account Environment
An enterprise is setting up a new multi-account AWS environment using AWS Control Tower. They need to provision isolated environments for 50 different development teams. Each team requires a standard set of VPCs, IAM roles, and security tools. The provisioning process must be automated and self-service for the team leads. Which approach is MOST operationally efficient?
An enterprise is setting up a new multi-account AWS environment using AWS Control Tower. They need to provision isolated environments for 50 different development teams. Each team requires a standard set of VPCs, IAM roles, and security tools. The provisioning process must be automated and self-service for the team leads. Which approach is MOST operationally efficient?
Answer options:
Create an AWS Service Catalog portfolio containing AWS CloudFormation products for the standard environments. Grant team leads access to the portfolio to provision products.
Write a custom Python script using Boto3 that calls the AWS Organizations API to create accounts and deploy CloudFormation templates. Give team leads access to run the script.
Use AWS Systems Manager Automation runbooks to deploy the environments. Trigger the runbooks via Amazon EventBridge when a team lead creates a Jira ticket.
Provide team leads with AWS CloudFormation templates and AdministratorAccess to their respective OUs to deploy the resources manually.
How to approach this question
Full Answer
Common mistakes
Practice the full AWS Solutions Architect Professional SAP-C02 Practice Exam 5
75 questions · hints · full answers · grading