Secure AWS Multi-Account Environment Setup
Question
You work for a large enterprise company and want to set up a secure, compliant, multi-account AWS environment.
Using that service, the end-users should provision their AWS accounts quickly.
At the same time, the central management team should be able to ensure that all accounts in AWS Organizations are aligned with industry-wide compliance policies.
Which of the following services is the most appropriate to meet the need?
Answers
Explanations
Click on the arrows to vote for the correct answer
A. B. C. D.The most appropriate service to meet the described need is AWS Control Tower (Option A).
AWS Control Tower is a managed service that makes it easier to set up and govern a secure, compliant, multi-account AWS environment. It enables you to set up and manage a multi-account AWS environment in a standardized way, with pre-configured best practices for security and compliance.
With AWS Control Tower, you can quickly provision new AWS accounts that are automatically configured with a set of policies and guardrails that enforce your organization's compliance policies. It also provides a centralized dashboard to manage all your AWS accounts and monitor compliance across your organization.
In addition, AWS Control Tower integrates with AWS Service Catalog (Option B) to provide a self-service portal for end-users to quickly provision new AWS accounts with pre-approved templates and configurations. AWS Security Hub (Option C) is another service that integrates with AWS Control Tower to provide a centralized view of security and compliance across your AWS environment. AWS CloudWatch (Option D) is a monitoring service that can be used to monitor and collect metrics, logs, and events from your AWS resources, but it is not directly related to setting up a secure, compliant, multi-account AWS environment.
Therefore, the most appropriate service to meet the need described is AWS Control Tower.
