A DevOps Engineer must ensure all IAM entity configurations across multiple AWS accounts in AWS Organizations are compliant with corporate IAM policies.
Which combination of steps will accomplish this? (Choose two.)
A . Enable AWS Trusted Advisor in Organizations for all accounts to report on noncompliant IAM entities.
B . Configure an AWS Config aggregator in the Organizations master account for all accounts.
C . Deploy AWS Config rules to the master account in Organizations that match corporate IAM policies.
D . Apply an SCP in Organizations to ensure compliance of IAM entities.
E . Deploy AWS Config rules to all accounts in Organizations that match the corporate IAM policies.
Answer: DE
Explanation:
Reference:
https://aws.amazon.com/blogs/mt/manage-custom-aws-config-rules-with-remediations-usingconformance-packs/?nc1=b_rp
https://aws.amazon.com/blogs/security/announcing-aws-organizations-centrally-manage-multiple-awsaccounts/
Leave a Reply