SAP-C02 Question 367
Question
A large payroll company recently merged with a small staffing company. The unified company now has multiple business units, each with its own existing AWS account. A solutions architect must ensure that the company can centrally manage the billing and access policies for all the AWS accounts. The solutions architect configures AWS Organizations by sending an invitation to all member accounts of the company from a centralized management account. What should the solutions architect do next to meet these requirements?
Options
A. Create the OrganizationAccountAccess IAM group in each member account. Include the necessary IAM roles for each administrator.
B. Create the OrganizationAccountAccessPolicy IAM policy in each member account. Connect the member accounts to the management account by using cross-account access.
C. Create the OrganizationAccountAccessRole IAM role in each member account. Grant permission to the management account to assume the IAM role.
D. Create the OrganizationAccountAccessRole IAM role in the management account. Attach the AdministratorAccess AWS managed policy to the IAM role. Assign the IAM role to the administrators in each member account.
Answer
C
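Explanation
Correct answer: C
Correct option: C. Create the OrganizationAccountAccessRole IAM role in each member account. Grant permission to the management account to assume the IAM role.
Rationale: This option most directly satisfies the key constraints in the question. When working through SAP-C02 questions, check each option against the qualifiers in the question, such as highest performance, lowest operational overhead, cost-effectiveness, reliability, scalability, security, RTO/RPO, and compliance requirements. The main topics this question covers include: IAM, Organizat...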