AWS Certified Solutions Architect – Associate (SAA-C03) — Question 707
A company uses an organization in AWS Organizations to manage AWS accounts that contain applications. The company sets up a dedicated monitoring member account in the organization. The company wants to query and visualize observability data across the accounts by using Amazon CloudWatch.
Which solution will meet these requirements?
Answer options
- A. Enable CloudWatch cross-account observability for the monitoring account. Deploy an AWS CloudFormation template provided by the monitoring account in each AWS account to share the data with the monitoring account.
- B. Set up service control policies (SCPs) to provide access to CloudWatch in the monitoring account under the Organizations root organizational unit (OU).
- C. Configure a new IAM user in the monitoring account. In each AWS account, configure an IAM policy to have access to query and visualize the CloudWatch data in the account. Attach the new IAM policy to the new IAM user.
- D. Create a new IAM user in the monitoring account. Create cross-account IAM policies in each AWS account. Attach the IAM policies to the new IAM user.
Correct answer: A
Explanation
Amazon CloudWatch cross-account observability is the native feature designed to aggregate and visualize metrics, logs, and traces across multiple AWS accounts from a central monitoring account. Deploying the CloudFormation template provided by the monitoring account to the source accounts establishes the necessary sharing permissions. The other options are incorrect: service control policies (SCPs) only restrict permissions and do not grant them, and the IAM-user-based approaches do not provide the native cross-account dashboarding features of CloudWatch.