AWS Managed Service for GuardDuty

Best Practices and GuardRails for Secure and Scalable AWS Environments

Question

A start-up firm is planning to build a new multi-account environment with AWS.

They are looking for a managed service that will recommend the best practices and provide GuardRails to manage the AWS environment at scale.

The new environment should be secure and scale well with future growth. Which service is best suited to be used to meet this requirement?

Answers

A. AWS CloudFormation
B. AWS Organizations
C. AWS Control Tower
D. AWS Landing Zone

Explanations

Correct Answer: C.

AWS Control Tower can be used to set up and govern a multi-account environment with AWS.

It is a managed service that follows AWS best practices to set up secure and scalable new environments and governance with GuardRails.

Option A is incorrect: AWS CloudFormation provides templates to provision AWS resources, but it does not recommend best practices or provide GuardRails to manage the AWS environment at scale.

Option B is incorrect: AWS Organizations helps manage and govern multiple accounts within AWS, but it is the building block rather than the managed service asked for.

AWS Control Tower uses AWS Organizations to manage multiple accounts and to apply service control policies (SCPs).

Option D is incorrect: AWS Landing Zone is a CloudFormation-based deployment framework; it is a customer-managed solution for deploying a landing zone rather than a managed service.

For more information on AWS Control Tower, refer to the following URL:

https://d1.awsstatic.com/events/reinvent/2019/AWS_Control_Tower_versus_AWS_Landing_Zone_GPSTEC203.pdf

The best service for the given requirement is AWS Control Tower.

AWS Control Tower is a managed service that provides a pre-packaged set of AWS best practices, policies, and guardrails to govern a multi-account AWS environment. It automates the creation of new AWS accounts, sets up guardrails to ensure compliance with policies, and continuously monitors compliance.

AWS Control Tower simplifies the management of multiple AWS accounts by providing a central dashboard to manage all the accounts. It also automates the deployment of services, such as AWS Config and AWS CloudTrail, to ensure compliance with best practices.

AWS Control Tower also provides a set of pre-built guardrails that enforce policies to ensure that the environment is secure and compliant. These guardrails can be customized to meet the specific requirements of the start-up firm.

AWS Organizations, on the other hand, is a service that allows an organization to consolidate multiple AWS accounts into a single organization. It provides policy-based management for multiple AWS accounts, but it does not provide the pre-packaged set of AWS best practices and guardrails that AWS Control Tower does.

AWS CloudFormation is a service that allows the creation of templates to automate the deployment of AWS resources. While it can be used to automate the deployment of AWS resources, it does not provide the pre-packaged set of AWS best practices and guardrails that AWS Control Tower does.

AWS Landing Zone is a solution that automates the setup of a multi-account AWS environment with security and compliance best practices. It is similar to AWS Control Tower but is more customizable and requires more setup effort. AWS Control Tower is a managed service that is easier to set up and provides a pre-packaged set of best practices and guardrails.
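A preventive guardrail is, under the hood, an SCP that AWS Control Tower attaches through AWS Organizations; the Python below is an added illustration (not code from the page or from AWS) that models such an SCP on the mandatory guardrail protecting the CloudTrail trail Control Tower deploys and evaluates sample requests against it. The policy text, the trail name pattern `aws-controltower-*` and the role name `AWSControlTowerExecution` are constructed for the example.

```python
import fnmatch

# Constructed illustration modelled on the mandatory Control Tower guardrail that
# protects the CloudTrail trail it deploys; not the exact policy text AWS ships.
CLOUDTRAIL_GUARDRAIL_SCP = {
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "DenyChangesToControlTowerTrail",
        "Effect": "Deny",
        "Action": ["cloudtrail:DeleteTrail", "cloudtrail:StopLogging",
                   "cloudtrail:UpdateTrail", "cloudtrail:PutEventSelectors"],
        "Resource": ["arn:aws:cloudtrail:*:*:trail/aws-controltower-*"],
        # Only Control Tower's own execution role may touch the trail.
        "Condition": {"ArnNotLike": {
            "aws:PrincipalARN": ["arn:aws:iam::*:role/AWSControlTowerExecution"]}},
    }],
}

def _matches_any(value, patterns):
    # IAM-style wildcards: '*' matches any run of characters, '?' exactly one.
    patterns = [patterns] if isinstance(patterns, str) else patterns
    return any(fnmatch.fnmatchcase(value, p) for p in patterns)

def _condition_holds(condition, context):
    # Only ArnNotLike is implemented; it is all this guardrail uses.
    for operator, keys in condition.items():
        if operator != "ArnNotLike":
            raise NotImplementedError(operator)
        for key, patterns in keys.items():
            if _matches_any(context.get(key, ""), patterns):
                return False
    return True

def scp_permits(scp, action, resource, principal_arn):
    """False when an explicit Deny in the SCP matches the request.

    An SCP never grants access; it only filters what IAM policies in the member
    account may allow. Control Tower keeps FullAWSAccess attached next to its
    guardrail SCPs, so anything not explicitly denied goes on to IAM evaluation.
    """
    context = {"aws:PrincipalARN": principal_arn}
    for stmt in scp["Statement"]:
        if stmt["Effect"] != "Deny" or not _matches_any(action, stmt["Action"]):
            continue
        if not _matches_any(resource, stmt.get("Resource", "*")):
            continue
        if _condition_holds(stmt.get("Condition", {}), context):
            return False
    return True
```

Even an account administrator is blocked from stopping the Control Tower trail, while the same action on an application trail, or a read-only call, passes through to normal IAM evaluation.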