An administrator needs to manage many AWS accounts within a big organization.
Which of the following is the most appropriate AWS service for an administrator to utilize?
Click on the arrows to vote for the correct answer
A. B. C. D.Correct Answer:D.
Option A is INCORRECT because CloudTrail is a tool to track AWS API activities.
Option B is INCORRECT because IAM Roles are typically utilized when one AWS service grants access to another.
The use case requires access management to several services.
Option C is INCORRECT because implementation of IAM Policies cannot manage access to specific sets of AWS services.
Thus this option does not meet the requirements of the use case.
Option D is CORRECT because AWS Organisations orders AWS accounts into logical groups called organization units and is a suitable tool to manage many AWS accounts.
The most appropriate AWS service for an administrator to utilize when managing many AWS accounts within a big organization is AWS Organizations (Option D).
AWS Organizations is a service that allows an administrator to manage multiple AWS accounts in a centralized way. With AWS Organizations, an administrator can create groups of AWS accounts, apply policies across these groups, and automate the account creation process.
By using AWS Organizations, an administrator can simplify the management of AWS accounts by centralizing billing, applying security policies, and simplifying resource sharing across accounts. AWS Organizations provides a hierarchical structure to organize AWS accounts into organizational units (OUs) and apply policies to those OUs. This hierarchical structure also allows for more granular control of access and permissions.
CloudTrail (Option A) is a service that records all API calls made in an AWS account. While it provides a comprehensive audit trail for an AWS account, it does not provide centralized management of multiple AWS accounts.
IAM Roles (Option B) are a way to delegate permissions to resources in an AWS account. While IAM roles can be used to manage permissions within a single AWS account, they are not a suitable tool for managing multiple AWS accounts.
IAM Policies (Option C) are used to define permissions for AWS users, groups, and roles within a single AWS account. While they can be used to manage permissions within an AWS account, they are not a suitable tool for managing multiple AWS accounts.
In summary, AWS Organizations is the most appropriate AWS service for an administrator to utilize when managing many AWS accounts within a big organization because it provides centralized management of multiple AWS accounts, allows for the application of policies across accounts, and provides a hierarchical structure for organizing accounts.