Automating Policy Management for Multi-Account Setup with AWS Organizations


Question

A Multinational IT firm has a large number of AWS accounts working on various projects.

All these accounts are part of AWS Organizations.

The Operations Team is facing difficulties in enforcing policies across all these multiple accounts and detecting non-conforming resources.

The Operations team is seeking your guidance to automate policy management for this multi-account setup. Which of the following services is best suited to be implemented along with AWS Organizations to meet this requirement?

Answers

A. AWS Control Tower
B. AWS Security Hub
C. AWS Service Catalog
D. AWS Systems Manager

Correct Answer: A.

Explanations

AWS Control Tower is best suited for setting up and governing a multi-account AWS environment.

AWS Control Tower has the following features:

Automates creation of the multi-account setup using a landing zone.

Automates policy management across multiple accounts using guardrails (now called controls in the Control Tower console).

Provides an integrated dashboard showing a summary of the guardrails in place and the compliance status of the enrolled accounts and organizational units.

In the above case, preventive guardrails enforce policy by attaching Service Control Policies to the organizational units, and detective guardrails, implemented as AWS Config rules, detect non-conforming resources within these accounts and report them on the Control Tower dashboard.
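As an added example (not code from the original page, and not Control Tower's own guardrail definitions), the two guardrail styles described above, written in Python: a preventive guardrail expressed as a Service Control Policy document that denies tampering with a CloudTrail trail, and a detective check in the style of an AWS Config rule that flags S3 buckets open to public read. The trail ARN pattern, the statement ID, the simplified bucket record layout and the sample bucket inventory are all assumptions constructed for the example.

```python
import json

# Assumed pattern for the trail Control Tower manages; the real trail name in
# your landing zone may differ. Wildcards keep the Deny region/account-agnostic.
CT_TRAIL_ARN_PATTERN = "arn:aws:cloudtrail:*:*:trail/aws-controltower-*"


def build_cloudtrail_scp() -> dict:
    """Preventive guardrail: an SCP that denies tampering with the governed trail.

    An SCP never grants permissions. This Deny is evaluated for every IAM
    principal in the attached OU or account, including the account root user
    (only the management account is exempt), which is what makes it a
    guardrail rather than a recommendation.
    """
    return {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "DenyCloudTrailTampering",  # assumed identifier
                "Effect": "Deny",
                "Action": [
                    "cloudtrail:DeleteTrail",
                    "cloudtrail:StopLogging",
                    "cloudtrail:UpdateTrail",
                    "cloudtrail:PutEventSelectors",
                ],
                "Resource": CT_TRAIL_ARN_PATTERN,
            }
        ],
    }


PUBLIC_GRANTEE_URIS = {
    "http://acs.amazonaws.com/groups/global/AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers",
}
BPA_FLAGS = ("BlockPublicAcls", "IgnorePublicAcls",
             "BlockPublicPolicy", "RestrictPublicBuckets")


def evaluate_bucket_public_access(bucket: dict) -> str:
    """Detective guardrail: return "COMPLIANT" or "NON_COMPLIANT" for one bucket.

    `bucket` is a constructed, simplified subset of what AWS Config records for
    an AWS::S3::Bucket. Rule: compliant if all four Block Public Access flags
    are on (public ACLs/policies are then ignored by S3); otherwise the bucket
    must have no ACL grant to a public group and no bucket-policy statement
    that allows Principal "*".
    """
    bpa = bucket.get("PublicAccessBlockConfiguration", {})
    if all(bpa.get(flag) for flag in BPA_FLAGS):
        return "COMPLIANT"
    for grant in bucket.get("Grants", []):
        if grant.get("Grantee", {}).get("URI") in PUBLIC_GRANTEE_URIS:
            return "NON_COMPLIANT"
    for stmt in bucket.get("Policy", {}).get("Statement", []):
        principal = stmt.get("Principal")
        if stmt.get("Effect") == "Allow" and principal in ("*", {"AWS": "*"}):
            return "NON_COMPLIANT"
    return "COMPLIANT"


def find_non_conforming(buckets: dict) -> list:
    """Run the detective check over an inventory and list offenders by name."""
    return sorted(name for name, cfg in buckets.items()
                  if evaluate_bucket_public_access(cfg) == "NON_COMPLIANT")


# Constructed sample inventory (not real accounts or buckets).
SAMPLE_BUCKETS = {
    # Public ACL grant present, but Block Public Access is fully on: compliant.
    "locked-down": {
        "PublicAccessBlockConfiguration": {f: True for f in BPA_FLAGS},
        "Grants": [{"Grantee": {"URI": "http://acs.amazonaws.com/groups/global/AllUsers"}}],
    },
    # Only one BPA flag set, public ACL grant still effective: non-compliant.
    "public-acl": {
        "PublicAccessBlockConfiguration": {"BlockPublicAcls": True},
        "Grants": [{"Grantee": {"URI": "http://acs.amazonaws.com/groups/global/AllUsers"}}],
    },
    # No BPA, bucket policy allows anyone to read objects: non-compliant.
    "public-policy": {
        "Policy": {"Statement": [{"Effect": "Allow", "Principal": "*",
                                  "Action": "s3:GetObject",
                                  "Resource": "arn:aws:s3:::public-policy/*"}]},
    },
    # No BPA, but grants and policy are scoped to specific principals: compliant.
    "private-no-bpa": {
        "Grants": [{"Grantee": {"ID": "canonical-owner-id", "Type": "CanonicalUser"}}],
        "Policy": {"Statement": [{"Effect": "Allow",
                                  "Principal": {"AWS": "arn:aws:iam::111122223333:root"},
                                  "Action": "s3:GetObject",
                                  "Resource": "arn:aws:s3:::private-no-bpa/*"}]},
    },
}

if __name__ == "__main__":
    print(json.dumps(build_cloudtrail_scp(), indent=2))
    print("Non-conforming buckets:", find_non_conforming(SAMPLE_BUCKETS))
```

The SCP document is the kind of JSON you would attach to an OU with `aws organizations create-policy --type SERVICE_CONTROL_POLICY` and `aws organizations attach-policy`; the detective function is the evaluation logic you would place inside an AWS Config custom rule so that non-conforming buckets surface on the compliance dashboard rather than being blocked up front.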

Option B is incorrect as AWS Security Hub provides a comprehensive view of security findings and compliance status across accounts.

It aggregates and reports findings; it is not suited to enforcing governance policies across all accounts.

Option C is incorrect as AWS Service Catalog helps create a catalog of approved IT services (products) for users to deploy.

It is not suited to enforcing governance policies across all accounts.

Option D is incorrect as AWS Systems Manager is used for operational management of resources across AWS accounts (patching, Run Command, inventory, Parameter Store), not for enforcing governance policies.

For more information on AWS Control Tower, refer to the following URL:

https://aws.amazon.com/controltower/features/

The best option for implementing policy management automation for a multi-account AWS setup is AWS Control Tower.

AWS Control Tower is a service that helps customers set up and govern a secure, multi-account AWS environment. It simplifies the creation of new AWS accounts and automates the process of deploying and enforcing policies and best practices across those accounts.

By implementing AWS Control Tower along with AWS Organizations, the Operations team can enforce policies and detect non-conforming resources across all the AWS accounts in the organization. AWS Control Tower provides a central dashboard for monitoring compliance and reporting on any policy violations, making it easier to manage a large number of accounts.

AWS Security Hub is a security service that provides a comprehensive view of security findings and compliance status across AWS accounts. While it can detect security issues and report compliance against security standards, it only aggregates findings and does not enforce anything, so it is not designed for policy management automation.

AWS Service Catalog is a service that enables organizations to create and manage catalogs of IT services that are approved for use on AWS. While it can help with deploying and managing resources across accounts, it is not specifically designed for policy management automation.

AWS Systems Manager is a management service that helps customers automate operational tasks across their AWS resources. While it can help with managing resources, it is not specifically designed for policy management automation in a multi-account setup.