Amazon Exam SAP-C02 Topic 9 Question 36 Discussion

Actual exam question for Amazon's SAP-C02 exam
Question #: 36
Topic #: 9

A large mobile gaming company has successfully migrated all of its on-premises infrastructure to the AWS Cloud. A solutions architect is reviewing the environment to ensure that it was built according to the design and that it is running in alignment with the Well-Architected Framework.

While reviewing previous monthly costs in Cost Explorer, the solutions architect notices that the creation and subsequent termination of several large instance types account for a high proportion of the costs. The solutions architect finds out that the company's developers are launching new Amazon EC2 instances as part of their testing and that the developers are not using the appropriate instance types.

The solutions architect must implement a control mechanism to limit the instance types that only the developers can launch.

Which solution will meet these requirements?

Suggested Answer: B, E

Create AWS Organization:

In the AWS Management Console, navigate to AWS Organizations and create a new organization in the parent account.

Invite LOB Accounts:

Invite each Line of Business (LOB) account to join the organization. This allows centralized management and governance of all accounts.

Enable Consolidated Billing:

Enable consolidated billing in the billing console of the parent account. Link all LOB accounts to ensure a single consolidated invoice that breaks down costs per account.

Apply Service Control Policies (SCPs):

Implement Service Control Policies (SCPs) to define the services and features permitted for each LOB account as per the governance policy, while still delegating full administrative permissions to the LOB accounts.

By consolidating billing and using AWS Organizations, the company can achieve centralized billing and governance while maintaining independent administrative control for each LOB account.


Contribute your Thoughts:

Macy
2 months ago
Whichever option we choose, I hope the developers don't start launching instances with their credit cards instead. That would be a whole new problem to deal with!
upvoted 0 times
Maybelle
3 days ago
A: That's a good point! We need to make sure they stick to the allowed instance types to avoid any unexpected costs.
upvoted 0 times
...
Danica
4 days ago
B: In the EC2 console, create a launch template that specifies the instance types that are allowed. Assign the launch template to the developers' IAM accounts.
upvoted 0 times
...
Claudio
9 days ago
A: Create a desired-instance-type managed rule in AWS Config. Configure the rule with the instance types that are allowed. Attach the rule to an event to run each time a new EC2 instance is launched.
upvoted 0 times
...
...
Brande
2 months ago
D seems like overkill for this scenario. Creating a custom image pipeline just to control instance types? I'd go with a more straightforward approach like C or B.
upvoted 0 times
Tegan
1 month ago
Creating a launch template in the EC2 console could also work well to limit the instance types.
upvoted 0 times
...
Gianna
1 month ago
Yeah, attaching the policy to an IAM group for the developers would make it easier to manage.
upvoted 0 times
...
Alona
1 month ago
I think creating a new IAM policy with the allowed instance types is a good idea.
upvoted 0 times
...
Reita
2 months ago
I agree, D does seem like overkill for this situation.
upvoted 0 times
...
...
Tonja
2 months ago
Option B looks good too. Using a launch template to restrict the instance types is a neat way to enforce the policy, and it's more user-friendly for the developers.
upvoted 0 times
...
Tamar
2 months ago
I'm not sure, but I think option B could also work by assigning launch templates to developers' IAM accounts.
upvoted 0 times
...
Denise
2 months ago
I think option C is the best solution. By creating a custom IAM policy, we can granularly control the instance types the developers can launch, without impacting the rest of the organization.
upvoted 0 times
Alex
2 months ago
I agree, creating a new IAM policy is a straightforward way to control the instance types for developers.
upvoted 0 times
...
Daniel
2 months ago
Option C is a good choice. It allows us to specify the instance types that developers can launch.
upvoted 0 times
...
...
Junita
2 months ago
I agree with Kanisha, creating a managed rule in AWS Config seems like the most efficient way to limit instance types.
upvoted 0 times
...
Kanisha
3 months ago
I think option A is the best solution.
upvoted 0 times
...
