A customer needs corporate IT governance and cost oversight of all AWS resources consumed by its divisions.
The divisions want to maintain administrative control of the discrete AWS resources they consume and keep those resources separate from the resources of other divisions.
How would you achieve this requirement?
Click on the arrows to vote for the correct answer
A. B. C. D.Answers - A
We need to satisfy 2 requirements here.
1
To provide either autonomy or control of divisions while maintaining IT Governance.
2
To evaluate the overall cost.
AWS Organizations enables you to consolidate multiple AWS accounts into an organization that you create and manage centrally.
AWS Organizations also includes account management and consolidated billing capabilities.
https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/consolidated-billing.html https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_org_support-all-features.htmlOptions B, C, and D do not satisfy the requirements of the scenario mentioned in the question.
For more details, please check below AWS Docs.
https://aws.amazon.com/blogs/aws/aws-organizations-policy-based-management-for-multiple-aws-accounts/To achieve the requirement of corporate IT governance and cost oversight of all AWS resources consumed by its divisions while maintaining administrative control of the discrete AWS resources they consume, the best solution is to use AWS Organizations. AWS Organizations is a service that allows you to consolidate multiple AWS accounts into an organization that you create and centrally manage.
Answer A:
Using AWS Organizations, you can manage AWS accounts, group the accounts into organizational units (OUs), and use the consolidated billing feature to consolidate billing and payment. This approach allows for centralized management of all AWS resources consumed by the divisions while also providing each division with administrative control over their own resources.
By grouping the accounts into OUs, you can apply policies to specific groups of accounts, such as security policies or cost management policies. This allows for more granular control over the resources consumed by each division. Using consolidated billing, you can consolidate the charges for all accounts in the organization into a single bill, making it easier to manage and track costs.
Answer B:
Creating separate VPCs for each division within the AWS account is not the best solution for this requirement, as it does not provide centralized management of AWS resources across all divisions. Each VPC would need to be managed separately, making it difficult to implement consistent policies and track costs across all divisions.
Answer C:
Writing all child AWS CloudTrail and Cloudwatch logs to each child account's Amazon S3 is not an effective solution for this requirement, as it does not provide centralized management of AWS resources across all divisions. It also does not provide the ability to implement consistent policies and track costs across all divisions.
Answer D:
Writing all child AWS CloudTrail and Amazon CloudWatch logs to each child account's Amazon S3 'Log' bucket is also not an effective solution for this requirement, as it does not provide centralized management of AWS resources across all divisions. It also does not provide the ability to implement consistent policies and track costs across all divisions.
In summary, the best solution to achieve this requirement is to use AWS Organizations to manage AWS accounts, group the accounts into organizational units (OUs), and use the consolidated billing feature to consolidate billing and payment. This approach allows for centralized management of all AWS resources consumed by the divisions while also providing each division with administrative control over their own resources.