An administrator would like to automate the creation of new AWS accounts for the organization's research and development department.
New workloads need to be spun-up promptly and categorized into groups.
How can this be achieved efficiently?
Click on the arrows to vote for the correct answer
A. B. C. D.Correct Answer - B.
AWS Organizations allows the user to automate the creation of new AWS accounts when they need to launch new workloads quickly.
The administrator can add these new accounts to user-defined groups in an organization for easy categorization.
For example, you can create separate groups to categorize development and production accounts.
Then you can apply a Service Control Policy (SCP) to the production group allowing only access to AWS services required by production workloads.
https://aws.amazon.com/organizations/Option A is INCORRECT because AWS CloudFormation does not aid in the automated AWS account creation.
AWS CloudFormation provides a common language for the administrator to describe and provision all the infrastructure resources in their cloud environment.
CloudFormation allows the administrator to use a simple text file to model and provision all the resources needed for applications across all regions and accounts.
This file serves as a single source of truth for your cloud environment.
https://aws.amazon.com/cloudformation/Option C is INCORRECT because using AWS API to programmatically create each account via command-line interface is feasible but inefficient.
The AWS Command Line Interface (CLI) is a unified tool to manage your AWS services.
With just one tool to download and configure, you can control multiple AWS services from the command line and automate them through scripts.
https://aws.amazon.com/cli/Option D is INCORRECT because using AWS Identity Access Management (IAM) to fulfill the task is inefficient and tedious.
AWS Identity and Access Management (IAM) enables you to manage access to AWS services and resources securely.
Using IAM, you can create and manage AWS users and groups.
You can use permissions to allow and deny their access to AWS resources.
IAM is a feature of your AWS account offered at no additional charge.
You will be charged only for the use of other AWS services by your users.
https://aws.amazon.com/iam/To automate the creation of new AWS accounts for an organization's research and development department, the best solution is to use AWS Organizations. AWS Organizations is a service that enables centralized management of multiple AWS accounts. It allows you to create, manage, and organize multiple AWS accounts with different configurations and permissions under a single master account.
AWS Organizations provides several benefits such as consolidated billing, cost management, and centralized management of policies across all accounts. It also enables you to create and manage accounts programmatically, which is ideal for automation.
With AWS Organizations, you can create accounts in bulk and apply policies to them. You can also organize accounts into groups based on their purpose, such as development, production, or testing. This makes it easier to manage and apply policies to different accounts based on their role in the organization.
Using AWS CloudFormation could also be a solution, but it only automates the deployment of resources within a single account. It does not provide a way to create multiple AWS accounts programmatically.
Using the AWS API to programmatically create each account via command line interface is also possible, but it would require more effort to manage and organize the accounts.
AWS Identity Access Management (IAM) is a service that allows you to manage access to AWS resources. While it is important for managing access to resources within accounts, it is not a solution for automating the creation of new accounts.
In summary, the best solution for automating the creation of new AWS accounts for an organization's research and development department is to use AWS Organizations. It provides centralized management, organization, and policy application for multiple AWS accounts.