Q: 17
A company has chosen AWS to host a new application. The company needs to implement a multi-account strategy. A DevOps engineer creates a new AWS account and an organization in AWS Organizations. The DevOps engineer also creates the OU structure for the organization and sets up a landing zone by using AWS Control Tower.

The DevOps engineer must implement a solution that automatically deploys resources for new accounts that users create through AWS Control Tower Account Factory. When a user creates a new account, the solution must apply AWS CloudFormation templates and SCPs that are customized for the OU or the account to automatically deploy all the resources that are attached to the account. All the OUs are enrolled in AWS Control Tower.

Which solution will meet these requirements in the MOST automated way?
Options
Discussion
D since CfCT actually plugs into Control Tower lifecycle events so it does the SCP and CFN deployment as soon as an account is spun up, fully hands-off. StackSets (B) need extra management steps to keep in sync. Pretty sure CfCT wins on automation, unless something about the org changes. Anyone see a catch?
Yeah, D is the clear winner here since CfCT hooks directly into Control Tower’s lifecycle events and rolls out both CFN templates and SCPs without manual work. B gets you some automation but not the full hands-free integration. Pretty sure D is what AWS wants for this use case, but open if anyone thinks otherwise.
It's D
D vs B here. Pretty sure it's D because Customizations for AWS Control Tower is meant for automating these deployments automatically on new account creation, with CodeCommit making it seamless. Saw a similar suggestion in the official guide and labs.
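An added illustration, not part of the thread and not CfCT's own code: a simplified Python model of the flow the comments describe, where a successful `CreateManagedAccount` lifecycle event leads to the SCP and CloudFormation resources targeted at the new account's OU or at the account itself. The manifest entries, file names, OU and account names, and the sample event are constructed assumptions; the `MANIFEST` list only mirrors the shape of a CfCT `manifest.yaml` resources section.

```python
# Simplified model of lifecycle-event-driven customization; not CfCT's implementation.
# MANIFEST mirrors the shape of a CfCT manifest.yaml "resources" list (hypothetical entries).
MANIFEST = [
    {"name": "deny-leave-org", "resource_file": "policies/deny-leave-org.json",
     "deploy_method": "scp",
     "deployment_targets": {"organizational_units": ["Workloads", "Sandbox"]}},
    {"name": "baseline-logging", "resource_file": "templates/baseline-logging.template",
     "deploy_method": "stack_set",
     "deployment_targets": {"organizational_units": ["Workloads"]}},
    {"name": "payments-extra", "resource_file": "templates/payments.template",
     "deploy_method": "stack_set",
     "deployment_targets": {"accounts": ["payments-prod"]}},
]

# Constructed sample of a Control Tower lifecycle event as delivered by EventBridge.
SAMPLE_EVENT = {
    "source": "aws.controltower",
    "detail-type": "AWS Service Event via CloudTrail",
    "detail": {
        "eventName": "CreateManagedAccount",
        "serviceEventDetails": {"createManagedAccountStatus": {
            "state": "SUCCEEDED",
            "organizationalUnit": {"organizationalUnitName": "Workloads",
                                   "organizationalUnitId": "ou-exam-11111111"},
            "account": {"accountName": "payments-prod", "accountId": "111122223333"},
        }},
    },
}

def new_account(event):
    """Return (ou_name, account_name) for a successful CreateManagedAccount event, else None."""
    detail = event.get("detail", {})
    if event.get("source") != "aws.controltower" or detail.get("eventName") != "CreateManagedAccount":
        return None
    status = detail.get("serviceEventDetails", {}).get("createManagedAccountStatus", {})
    if status.get("state") != "SUCCEEDED":  # failed enrollments get no customizations
        return None
    return (status["organizationalUnit"]["organizationalUnitName"],
            status["account"]["accountName"])

def resources_for(event, manifest=MANIFEST):
    """List (deploy_method, name) for manifest entries whose targets cover the new account."""
    target = new_account(event)
    if target is None:
        return []
    ou, account = target
    return [(r["deploy_method"], r["name"]) for r in manifest
            if ou in r["deployment_targets"].get("organizational_units", [])
            or account in r["deployment_targets"].get("accounts", [])]
```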