You are an AWS Solutions Architect in a financial company.
The company recently started working on migrating legacy applications to AWS.
You planned to use a new AWS Organization to manage all AWS accounts so that you can easily configure accounts, assign organizational units, configure security policies, etc.
Which methods are valid for you to add accounts to the Organization? (Select TWO.)
Correct Answer - A, D.
There are two methods to add accounts to the AWS Organization: creating new accounts within the Organization or creating invitations.
Please refer to https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_invites.html and https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_create.html.
Option A is CORRECT because the user can create a new account that is part of the Organization.
Option B is incorrect because other accounts cannot create requests to join the Organization.
There is also no CLI command request-join-to-organization.
Option C is incorrect because, in the AWS console, users cannot create requests to join an Organization.
However, they can accept invitations.
Option D is CORRECT because this can be done through the AWS console, CLI, or API.
Option E is incorrect because the cross-account IAM role is not required in this scenario.
Also, there is no API call to add to an organization for other accounts.
As an AWS Solutions Architect in a financial company, you are planning to use a new AWS Organization to manage all AWS accounts for easy configuration, security policy assignment, and other management purposes. The following are valid methods for adding accounts to the Organization:
A. In the AWS Organization console, create accounts within your organization.
This method involves creating new accounts directly within the AWS Organization console. You can create accounts with a specific name and email domain, and configure account settings like IAM roles, permissions, and billing information. This method is useful for new accounts that do not exist yet, or if you need to create a large number of accounts quickly.
B. Use AWS CLI request-join-to-organization for other AWS accounts to join the Organization. After the Organization owner accepts the requests, the accounts will join successfully.
This method involves requesting other AWS accounts to join the AWS Organization using the AWS CLI. After the request is sent, the Organization owner must accept the request before the account can join the Organization. This method is useful if you need to add existing AWS accounts that are owned by other entities, like subsidiaries or partners, to your Organization.
C. For other accounts, use root accounts to login to the AWS Organization console, create requests to the Organization owner to join the organization.
This method involves creating requests to the Organization owner from root accounts of other AWS accounts to join the AWS Organization. After the request is sent, the Organization owner must accept the request before the account can join the Organization. This method is useful if you need to add existing AWS accounts that are owned by other entities, like subsidiaries or partners, to your Organization, but you do not have access to their AWS accounts.
D. In the root account of the Organization, create invitations to other accounts and wait for them to accept the invitations.
This method involves creating invitations to other AWS accounts to join the AWS Organization from the root account of the Organization. After the invitation is sent, the invited account must accept the invitation before it can join the Organization. This method is useful if you need to add existing AWS accounts that are owned by other entities, like subsidiaries or partners, to your Organization, but you do not have access to their AWS accounts.
E. For other accounts, create a cross-account IAM role that allows the operation of add-account-to-organization for the resource of the AWS Organization ARN. Use an IAM user to assume the IAM role and send an API call to add the account to the Organization.
This method involves creating a cross-account IAM role that allows an IAM user to assume the role and send an API call to add an AWS account to the AWS Organization. This method is useful if you need to automate the process of adding multiple AWS accounts to your Organization, or if you need to add accounts programmatically using scripts or tools.
In summary, valid methods for adding accounts to an AWS Organization include creating accounts within the AWS Organization console, using AWS CLI request-join-to-organization, creating requests to the Organization owner from root accounts of other AWS accounts, creating invitations from the root account of the Organization, and using a cross-account IAM role to automate the process.