Correct Statements Regarding Inviting Accounts to an AWS Organization
Question
You are providing AWS consulting services to an IT company.
This company owns dozens of AWS accounts and prefers to set up an AWS Organization so that all of these accounts can be managed together under a root account.
The AWS administrator planned to create invitations for other accounts and asked for your advice.
About inviting other accounts to join an AWS Organization, which statements are correct? (Select TWO.)
Answers
Explanations
Click on the arrows to vote for the correct answer
A. B. C. D. E.Correct Answer - B, E.
Invitations are used to add accounts for an AWS Organization as below:
Details can be found in.
https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_invites.html.Option A is incorrect because AWS CLI or AWS API also works, such as aws organizations invite-account-to-organization.
Option B is CORRECT because one account can only join one AWS Organization.
Option C is incorrect because it can be an IAM user as long as it has proper IAM permissions.
Option D is incorrect because there is a limitation of creating invitations.
Users can send up to 20 invitations per day per organization.
Option E is CORRECT because invitations must be responded to within 15 days.
Otherwise, they will expire.
Sure, I'd be happy to help!
First, let's start with a brief overview of AWS Organizations. AWS Organizations is a service that enables you to consolidate multiple AWS accounts into an organization that you create and centrally manage. You can create an organization by using the AWS Management Console or the AWS Organizations API. Once you have an organization, you can invite other AWS accounts to join it as members. As members of an organization, the AWS accounts can share resources, policies, and services.
Now, let's go through each statement and see which ones are correct:
A. Organization invitations can only be created through the AWS Organization console.
This statement is not entirely correct. While you can create invitations through the AWS Management Console, you can also use the AWS Organizations API to create invitations programmatically. So, the correct statement would be "Organization invitations can be created through the AWS Management Console or the AWS Organizations API."
B. One AWS account can join only one Organization even if it receives multiple invitations.
This statement is correct. An AWS account can only be a member of one AWS Organization at a time.
C. Only the root user of an AWS account can create invitations.
This statement is not entirely correct. While the root user can create invitations, you can also delegate invitation management to other IAM users in the account by granting them the necessary permissions. So, the correct statement would be "Only the root user or delegated IAM users of an AWS account can create invitations."
D. Users can create unlimited invitations per day per organization.
This statement is not correct. There is a limit to the number of invitations you can send per day per organization. The limit is 50 invitations per day.
E. If an invitation is not accepted or rejected for over 15 days, the invitation will expire.
This statement is correct. If an invitation is not accepted or rejected within 15 days, it will expire and cannot be used to join the AWS Organization.
So, the correct statements are B and E.
I hope this helps! Let me know if you have any other questions.