Topic 1 Question 348
A DevOps engineer deployed multiple AWS accounts by using AWS Control Tower to support different business, technical, and administrative units in a company. A security team needs the DevOps engineer to automate AWS Control Tower guardrails for the company. The guardrails must be applied to all accounts in an OU of the company's organization in AWS Organizations.
The security team needs a solution that has version control and can be reviewed and rolled back if necessary. The security team will maintain the management of the solution in its OU. The security team wants to limit the type of guardrails that are allowed and allow only new guardrails that are approved by the security team.
Which solution will meet these requirements with the MOST operational efficiency?
Create individual AWS CloudFormation templates that align to a guardrail. Store the templates in an AWS CodeCommit repository. Create an AWS::ControlTower::EnableControl logical resource in the template for each OU in the organization. Configure an AWS Code Build project that an Amazon EventBridge rule will invoke for the security team's AWS CodeCommit changes.
Create individual AWS CloudFormation templates that align to a guardrail. Store the templates in an AWS CodeCommit repository. Create an AWS::ControlTower::EnableControl logical resource in the template for each account in the organization. Configure an AWS CodePipeline pipeline in the security team's account. Advise the security team to invoke the pipeline and provide these parameters when starting the pipeline.
Create individual AWS CloudFormation templates that align to a guardrail. Store the templates in an AWS CodeCommit repository. Create an AWS::ControlTower::EnableControl logical resource in the template for each OU in the organization. Configure an AWS CodePipeline pipeline in the security team's account that an Amazon EventBridge rule will invoke for the security team's CodeCommit changes.
Configure an AWS CodePipeline pipeline in the security team's account that an Amazon EventBridge rule will invoke for PutObject events to an Amazon S3 bucket. Create individual AWS CloudFormation templates that align to a guardrail. Store the templates in the S3 bucket. Create an AWS::ControlTower::EnableControl logical resource in the template for each OU in the organization.
ユーザの投票
コメント(2)
- 正解だと思う選択肢: C
Option C is the most efficient and scalable solution for automating AWS Control Tower guardrails while meeting the security team’s requirements for version control, approval, and rollback, with minimal operational overhead. It uses CodeCommit, CodePipeline, and EventBridge, leveraging the best AWS services for this purpose.
👍 4uncledana2024/11/19 - 正解だと思う選択肢: D
D is not right because solution should be like AWS CodePipeline pipeline must be invooked by security team commits. But in D, PutObject events to an Amazon S3 bucket is used to invoke CodePipeline. A is using AWS Code Build unnecesaarily on Amazon EventBridge rule. It does not say anything automated and involve manual efforts. B is completely manual steps mentioned in the line so can't be efficient.
C is completely automated so its a right answer.
👍 1c87b4332025/02/07
シャッフルモード