Topic 1 Question 893
A company wants to isolate its workloads by creating an AWS account for each workload. The company needs a solution that centrally manages networking components for the workloads. The solution also must create accounts with automatic security controls (guardrails).
Which solution will meet these requirements with the LEAST operational overhead?
A. Use AWS Control Tower to deploy accounts. Create a networking account that has a VPC with private subnets and public subnets. Use AWS Resource Access Manager (AWS RAM) to share the subnets with the workload accounts.
B. Use AWS Organizations to deploy accounts. Create a networking account that has a VPC with private subnets and public subnets. Use AWS Resource Access Manager (AWS RAM) to share the subnets with the workload accounts.
C. Use AWS Control Tower to deploy accounts. Deploy a VPC in each workload account. Configure each VPC to route through an inspection VPC by using a transit gateway attachment.
D. Use AWS Organizations to deploy accounts. Deploy a VPC in each workload account. Configure each VPC to route through an inspection VPC by using a transit gateway attachment.
Comments (13)
- Selected answer: A
Statement:
- The solution also must create accounts with automatic security controls (guardrails).
https://docs.aws.amazon.com/controltower/latest/userguide/what-is-control-tower.html
AWS Control Tower provides a pre-packaged set of guardrails (policies) and blueprints (best-practice configurations) to ensure that the environment complies with security and compliance standards. It’s designed to simplify the process of creating and managing a multi-account AWS environment while maintaining security and compliance.
👍 9 bujuman 2024/05/27
- Selected answer: B
It's a hard one. I'd go for B.
Several accounts in an org, with central mgmt > AWS Organization
Sharing resources among accounts > AWS RAM
AWS Organizations and RAM typically work well together... Happy to be challenged, of course.
👍 6 sandordini 2024/04/30
- Selected answer: A
Taking into consideration that AWS Control Tower is an orchestrator for AWS Organizations which applies guardrails, I think A is a good choice.
https://docs.aws.amazon.com/controltower/latest/userguide/what-is-control-tower.html
👍 3 Scheldon 2024/05/23