You are providing AWS consulting services to an IT company.
This company owns dozens of AWS accounts and prefers to set up an AWS Organization so that all of these accounts can be managed together under a root account.
The AWS administrator planned to create invitations for other accounts and asked for your advice.
About inviting other accounts to join an AWS Organization, which statements are correct? (Select TWO.)
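A. Organization invitations can only be created through the AWS Organization console.
B. One AWS account can join only one Organization even if it receives multiple invitations.
C. Only the root user of an AWS account can create invitations.
D. Users can create unlimited invitations per day per organization.
E. If an invitation is not accepted or rejected for over 15 days, the invitation will expire.
Correct Answer - B, E.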
Invitations are used to add accounts to an AWS Organization.
Details can be found at https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_invites.html.
Option A is incorrect because the AWS CLI or AWS API also works, such as aws organizations invite-account-to-organization.
Option B is CORRECT because one account can only join one AWS Organization.
Option C is incorrect because it can be an IAM user as long as it has proper IAM permissions.
Option D is incorrect because there is a limit on creating invitations.
Users can send up to 20 invitations per day per organization.
Option E is CORRECT because invitations must be responded to within 15 days.
Otherwise, they will expire.
A. Organization invitations can only be created through the AWS Organization console. This statement is correct. Invitations to join an AWS Organization can only be created by the root user of the organization through the AWS Organization console. The root user needs to log in to the AWS Management Console, go to the AWS Organizations service, and then select the "Invite account" option to send an invitation to another account.
B. One AWS account can join only one Organization even if it receives multiple invitations. This statement is also correct. Once an AWS account accepts an invitation to join an AWS Organization, it can only be a member of that one organization. It cannot join any other organization or be invited to join another organization.
C. Only the root user of an AWS account can create invitations. This statement is not entirely correct. While the root user of an AWS account can create invitations, other IAM users with the "organizations:InviteAccountToOrganization" permission can also create invitations on behalf of the root user. However, the root user must first grant the permission to the IAM user.
D. Users can create unlimited invitations per day per organization. This statement is not correct. There is a limit to the number of invitations that can be sent per day per organization. This limit is 20 invitations per day per organization, although it can be increased by contacting AWS support.
E. If an invitation is not accepted or rejected for over 15 days, the invitation will expire. This statement is correct. When an AWS account receives an invitation to join an AWS Organization, it has 15 days to accept or reject the invitation. If the invitation is not accepted or rejected within 15 days, it will expire and can no longer be used to join the organization.
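The 20-per-day limit and the 15-day expiry explained above, applied to an audit of pending invitations. This is an added example, not part of the original page or AWS's own code. The records are constructed and shaped like entries returned by aws organizations list-handshakes-for-organization; the rolling 24-hour window, the warn_days threshold and the helper names are assumptions.

```python
from datetime import datetime, timedelta, timezone

DAILY_INVITE_LIMIT = 20  # invitations per day per organization (figure from the page)
INVITE_TTL_DAYS = 15     # an unanswered invitation expires after 15 days (from the page)

def audit_invitations(handshakes, now, warn_days=3):
    """Return today's remaining invite quota and OPEN invitations close to expiry."""
    invites = [h for h in handshakes if h["Action"] == "INVITE"]
    # Assumption: "per day" is treated as a rolling 24-hour window.
    sent = [h for h in invites if now - h["RequestedTimestamp"] < timedelta(days=1)]
    expiring = []
    for h in invites:
        if h["State"] != "OPEN":
            continue  # already answered, canceled or expired
        expires = h.get("ExpirationTimestamp") or (
            h["RequestedTimestamp"] + timedelta(days=INVITE_TTL_DAYS))
        left = expires - now
        if left <= timedelta(days=warn_days):
            # The invited party is the one that is not the organization itself.
            target = next(p["Id"] for p in h["Parties"] if p["Type"] != "ORGANIZATION")
            expiring.append((target, max(left.days, 0)))
    return {"quota_left_today": max(DAILY_INVITE_LIMIT - len(sent), 0),
            "expiring_soon": sorted(expiring, key=lambda t: t[1])}

def plan_batches(targets, quota_left_today):
    """Split targets into per-day batches; day 0 only gets what is left of the quota."""
    pending, batches, size = list(targets), [], quota_left_today
    while pending:
        batches.append(pending[:size])
        pending, size = pending[size:], DAILY_INVITE_LIMIT
    return batches

def _invite(target, kind, state, requested):
    """Build a constructed record shaped like a list-handshakes-for-organization entry."""
    return {"Action": "INVITE", "State": state, "RequestedTimestamp": requested,
            "Parties": [{"Id": "o-exampleorgid", "Type": "ORGANIZATION"},
                        {"Id": target, "Type": kind}]}

NOW = datetime(2024, 5, 20, 12, 0, tzinfo=timezone.utc)  # constructed "current time"
SAMPLE = [  # constructed data, not real accounts
    _invite("111111111111", "ACCOUNT", "OPEN", NOW - timedelta(days=13)),
    _invite("ops@example.com", "EMAIL", "OPEN", NOW - timedelta(hours=3)),
    _invite("222222222222", "ACCOUNT", "ACCEPTED", NOW - timedelta(hours=2)),
    _invite("333333333333", "ACCOUNT", "EXPIRED", NOW - timedelta(days=19)),
]

if __name__ == "__main__":
    report = audit_invitations(SAMPLE, NOW)
    print(report)
    print([len(b) for b in plan_batches(range(45), report["quota_left_today"])])
```

Invitations that expire unanswered have to be sent again, which draws on the same daily limit, so checking for near-expiry invitations before planning a new batch keeps the plan accurate.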