AWS Certified Solutions Architect – Professional (SAP-C02) — Question 11

A company has many AWS accounts and uses AWS Organizations to manage all of them. A solutions architect must implement a solution that the company can use to share a common network across multiple accounts.
The company’s infrastructure team has a dedicated infrastructure account that has a VPC. The infrastructure team must use this account to manage the network. Individual accounts cannot have the ability to manage their own networks. However, individual accounts must be able to create AWS resources within subnets.
Which combination of actions should the solutions architect perform to meet these requirements? (Choose two.)

Answer options

Correct answer: B, D

Explanation

The correct actions are B and D. Enabling resource sharing from the AWS Organizations management account lets the individual accounts use the shared resources without managing their own networks. Creating a resource share in the infrastructure account makes the selected subnets available to the specified organizational unit, so that individual accounts can create resources in them. Options A, C, and E do not meet the requirement that individual accounts must not be able to manage their own networks.