AWS Solutions Architect - Adding Accounts to AWS Organization | Exam SAP-C01 Answer


Question

You are an AWS Solutions Architect in a financial company.

The company recently started working on migrating legacy applications to AWS.

You planned to use a new AWS Organization to manage all AWS accounts so that you can easily configure accounts, assign organizational units, configure security policies, etc.

Which methods are valid for you to add accounts to the Organization? (Select TWO.)

Explanations

Correct Answer - A, D.

There are two methods to add accounts to an AWS Organization: creating new accounts within the Organization or creating invitations.

Please refer to https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_invites.html and https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_create.html.

Option A is CORRECT because the user can create a new account that is part of the Organization.

Option B is incorrect because other accounts cannot create requests to join the Organization.

There is also no request-join-to-organization CLI command.

Option C is incorrect because, in the AWS console, users cannot create requests to join an Organization.

However, they can accept invitations.

Option D is CORRECT because this can be done through the AWS console, CLI, or API.

Option E is incorrect because the cross-account IAM role is not required in this scenario.

Also, there is no API call to add to an organization for other accounts.
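Because creation and invitation are the only two ways in, a defender can watch for them in CloudTrail. The following is an added example, not part of the original answer: it picks the corresponding Organizations events out of a log and flags creations or invitations started by a principal outside an allowlist. The log records, account IDs, principal ARNs and the allowlist are constructed for illustration.

```python
import json

# CloudTrail eventName values for the Organizations calls behind the two valid paths.
MEMBERSHIP_EVENTS = {
    "CreateAccount": "created-in-organization",
    "InviteAccountToOrganization": "invitation-sent",
    "AcceptHandshake": "invitation-accepted",
}

# Constructed, simplified CloudTrail records, one JSON object per line (not real log data).
SAMPLE_LOG = """
{"eventSource":"organizations.amazonaws.com","eventName":"CreateAccount","recipientAccountId":"111111111111","userIdentity":{"arn":"arn:aws:iam::111111111111:user/org-admin"}}
{"eventSource":"iam.amazonaws.com","eventName":"CreateUser","recipientAccountId":"111111111111","userIdentity":{"arn":"arn:aws:iam::111111111111:user/org-admin"}}
{"eventSource":"organizations.amazonaws.com","eventName":"InviteAccountToOrganization","recipientAccountId":"111111111111","userIdentity":{"arn":"arn:aws:iam::111111111111:user/dev-temp"},"requestParameters":{"target":{"id":"222222222222","type":"ACCOUNT"}}}
{"eventSource":"organizations.amazonaws.com","eventName":"InviteAccountToOrganization","recipientAccountId":"111111111111","errorCode":"AccessDeniedException","userIdentity":{"arn":"arn:aws:iam::111111111111:user/intern"}}
{"eventSource":"organizations.amazonaws.com","eventName":"AcceptHandshake","recipientAccountId":"222222222222","userIdentity":{"arn":"arn:aws:iam::222222222222:user/admin"}}
not-json
"""

# Assumed allowlist of principals permitted to create or invite accounts.
APPROVED_ADMINS = {"arn:aws:iam::111111111111:user/org-admin"}


def membership_changes(lines):
    """Return one dict per successful call that adds an account to the organization."""
    changes = []
    for line in lines:
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # blank or corrupt line
        if not isinstance(event, dict):
            continue
        if event.get("eventSource") != "organizations.amazonaws.com":
            continue
        path = MEMBERSHIP_EVENTS.get(event.get("eventName"))
        if path is None or event.get("errorCode"):
            continue  # unrelated call, or a call that failed and changed nothing
        changes.append({
            "path": path,
            "account": event.get("recipientAccountId"),
            "actor": (event.get("userIdentity") or {}).get("arn", "unknown"),
        })
    return changes


def unapproved_initiators(changes, approved=APPROVED_ADMINS):
    """Creations and invitations started by a principal outside the allowlist."""
    return [c for c in changes
            if c["path"] != "invitation-accepted" and c["actor"] not in approved]
```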

AWS Organizations is a service that allows you to consolidate multiple AWS accounts into an organization. You can create an AWS Organization to manage and govern your AWS accounts easily, apply policies across your accounts, and automate account creation and management. As an AWS Solutions Architect in a financial company, you need to add accounts to the organization to manage them easily.

There are several methods to add accounts to an AWS Organization, but you need to choose the valid ones. The valid methods to add accounts to an AWS Organization are:

A. In the AWS Organization console, create accounts within your organization. This is a valid method to add accounts to an AWS Organization. You can create accounts within the organization using the AWS Organization console. You need to provide the account name, email address, and choose the payment method. After creating the account, it will automatically join the organization.

B. Use AWS CLI request-join-to-organization for other AWS accounts to join the Organization. After the Organization owner accepts the requests, the accounts will join successfully. This is another valid method to add accounts to an AWS Organization. You can use the AWS CLI to send a join request to the organization owner from the account that you want to add to the organization. The organization owner needs to accept the request for the account to join the organization.

C. For other accounts, use root accounts to login to the AWS Organization console, create requests to the Organization owner to join the organization. This is not a valid method to add accounts to an AWS Organization. You should avoid using root accounts to log in to the AWS Organization console. Root accounts have unrestricted access to all resources in the AWS account, and you should not use them unless absolutely necessary.

D. In the root account of the Organization, create invitations to other accounts and wait for them to accept the invitations. This is not a valid method to add accounts to an AWS Organization. Although you can invite accounts to join an organization, you should avoid using the root account to do so. Instead, you should use the methods described in A and B.

E. For other accounts, create a cross-account IAM role that allows the operation of add-account-to-organization for the resource of the AWS Organization ARN. Use an IAM user to assume the IAM role and send an API call to add the account to the Organization. This is not a valid method to add accounts to an AWS Organization. There is no such operation called add-account-to-organization, and you should not create a cross-account IAM role to perform an operation that does not exist.

In summary, the valid methods to add accounts to an AWS Organization are A and B. You can create accounts within the organization using the AWS Organization console or use the AWS CLI to send a join request to the organization owner from the account that you want to add to the organization.