AWS well architected framework recommends central management of all AWS Accounts from a security standpoint.
What helps me to configure services and resources centrally?
Click on the arrows to vote for the correct answer
A. B. C. D.Correct Answer: B.
Option A is incorrect.
AWS Config works with rules.
An Organization may have defined various compliance rules for various AWS services.
These rules can be defined in AWS Config and data aggregated centrally for measuring compliance.
Option B is CORRECT.
AWS Organizations helps configure policies related to different services centrally.
Also known as Service Control Policies (SCP), they can be defined for your entire Organization.
As an example if you have configured a central logging of all API calls using CloudTrail, member accounts cannot override that policy using IAM policies.
Option C is incorrect.
AWS Inspector automates DevSecOps in the cloud by detecting security vulnerabilities in EC2 workloads.
Option D is incorrect.
Only AWS Organizations have the ability to provide a central management of all my AWS accounts.
Reference:
https://aws.amazon.com/architecture/well-architected/?wa-lens-whitepapers.sort-by=item.additionalFields.sortDate&wa-lens-whitepapers.sort-order=descThe AWS Well-Architected Framework is a methodology designed to help architects build secure, high-performance, resilient, and efficient infrastructure for their applications. One of the best practices recommended by the framework is to use AWS Organizations for central management of all AWS accounts from a security standpoint.
AWS Organizations is a service that allows you to manage multiple AWS accounts centrally. It enables you to create and manage groups of accounts, automate account creation, and apply policies to accounts or groups of accounts. By using AWS Organizations, you can simplify billing and cost management, apply security policies, and share resources across accounts.
One of the benefits of using AWS Organizations is that it allows you to configure services and resources centrally. This means that you can apply security policies, compliance requirements, and other configurations across multiple accounts or groups of accounts.
AWS Config is another service that helps you manage and monitor your AWS resources. It provides a detailed inventory of your AWS resources, tracks changes to your resources over time, and enables you to audit resource configurations against best practices and compliance standards.
AWS Inspector is a security assessment service that helps you improve the security and compliance of your applications deployed on AWS. It provides a comprehensive view of your security posture and identifies security vulnerabilities in your resources.
Therefore, the correct answer is (B) AWS Organizations. However, it's important to note that while AWS Config and AWS Inspector can help you manage and monitor your AWS resources, they do not enable central management of multiple AWS accounts like AWS Organizations does.