Topic 1 Question 492
A company has multiple AWS accounts for development work. Some staff consistently use oversized Amazon EC2 instances, which causes the company to exceed the yearly budget for the development accounts. The company wants to centrally restrict the creation of AWS resources in these accounts.
Which solution will meet these requirements with the LEAST development effort?
A. Develop AWS Systems Manager templates that use an approved EC2 creation process. Use the approved Systems Manager templates to provision EC2 instances.
B. Use AWS Organizations to organize the accounts into organizational units (OUs). Define and attach a service control policy (SCP) to control the usage of EC2 instance types.
C. Configure an Amazon EventBridge rule that invokes an AWS Lambda function when an EC2 instance is created. Stop disallowed EC2 instance types.
D. Set up AWS Service Catalog products for the staff to create the allowed EC2 instance types. Ensure that staff can deploy EC2 instances only by using the Service Catalog products.
Comments (5)
- Selected answer: B
AWS Organizations: AWS Organizations is a service that helps you centrally manage multiple AWS accounts. It enables you to group accounts into organizational units (OUs) and apply policies across those accounts.
Service Control Policies (SCPs): SCPs in AWS Organizations allow you to define fine-grained permissions and restrictions at the account or OU level. By attaching an SCP to the development accounts, you can control the creation and usage of EC2 instance types.
Least Development Effort: Option B requires minimal development effort as it leverages the built-in features of AWS Organizations and SCPs. You can define the SCP to restrict the use of oversized EC2 instance types and apply it to the appropriate OUs or accounts.
👍 3 LONGMEN 2023/05/18
- Selected answer: B
I would choose B. The other options would require some level of programming or custom resource creation:
A. Developing Systems Manager templates requires development effort.
C. Configuring EventBridge rules and Lambda functions requires development effort.
D. Creating Service Catalog products requires development effort to define the allowed EC2 configurations.
Option B - Using Organizations service control policies - requires no custom development. It involves:
- Organizing accounts into OUs
- Creating an SCP that defines allowed/disallowed EC2 instance types
- Attaching the SCP to the appropriate OUs
This is a native AWS service with a simple UI for defining and managing policies. No coding or resource creation is needed. So option B, using Organizations service control policies, will meet the requirements with the least development effort.
👍 3 elmogy 2023/05/28
B for me as well
👍 1 Efren 2023/05/18
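An SCP of the kind the comments above describe, as an added example that is not part of the original page or of any commenter's post: it denies `ec2:RunInstances` for every instance type outside an allow-list. The instance types and the `Sid` value are assumptions chosen for illustration.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "DenyUnapprovedInstanceTypes",
      "Effect": "Deny",
      "Action": "ec2:RunInstances",
      "Resource": "arn:aws:ec2:*:*:instance/*",
      "Condition": {
        "StringNotEquals": {
          "ec2:InstanceType": [
            "t3.micro",
            "t3.small",
            "t3.medium"
          ]
        }
      }
    }
  ]
}
```

Attached to the OU that holds the development accounts, the policy applies to every principal in those accounts. An SCP only limits what can be allowed, so users still need an IAM policy that grants `ec2:RunInstances` for the permitted types.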