AWS Certified DevOps Engineer – Professional (DOP-C02) — Question 19
A company has its AWS accounts in an organization in AWS Organizations. AWS Config is manually configured in each AWS account. The company needs to implement a solution to centrally configure AWS Config for all accounts in the organization. The solution also must record resource changes to a central account.
Which combination of actions should a DevOps engineer perform to meet these requirements? (Choose two.)
Answer options
- A. Configure a delegated administrator account for AWS Config. Enable trusted access for AWS Config in the organization.
- B. Configure a delegated administrator account for AWS Config. Create a service-linked role for AWS Config in the organization’s management account.
- C. Create an AWS CloudFormation template to create an AWS Config aggregator. Configure a CloudFormation stack set to deploy the template to all accounts in the organization.
- D. Create an AWS Config organization aggregator in the organization's management account. Configure data collection from all AWS accounts in the organization and from all AWS Regions.
- E. Create an AWS Config organization aggregator in the delegated administrator account. Configure data collection from all AWS accounts in the organization and from all AWS Regions.
Correct answer: A, E
Explanation
The correct answers are A and E. Option A is necessary to establish centralized management through a delegated administrator account and enable trusted access, which allows AWS Config to manage settings across accounts. Option E is correct because it sets up the AWS Config organization aggregator in the delegated administrator account, ensuring data collection from all accounts and Regions. The other options do not effectively fulfill both requirements: central management and recording resource changes.