AWS Certified Solutions Architect – Professional (SAP-C02) — Question 466
A company is planning a migration from an on-premises data center to the AWS Cloud. The company plans to use multiple AWS accounts that are managed in an organization in AWS Organizations. The company will create a small number of accounts initially and will add accounts as needed. A solutions architect must design a solution that turns on AWS CloudTrail in all AWS accounts.
What is the MOST operationally efficient solution that meets these requirements?
Answer options
- A. Create an AWS Lambda function that creates a new CloudTrail trail in all AWS accounts in the organization. Invoke the Lambda function daily by using a scheduled action in Amazon EventBridge.
- B. Create a new CloudTrail trail in the organization's management account. Configure the trail to log all events for all AWS accounts in the organization.
- C. Create a new CloudTrail trail in all AWS accounts in the organization. Create new trails whenever a new account is created. Define an SCP that prevents deletion or modification of trails. Apply the SCP to the root OU.
- D. Create an AWS Systems Manager Automation runbook that creates a CloudTrail trail in all AWS accounts in the organization. Invoke the automation by using Systems Manager State Manager.
Correct answer: B
Explanation
Creating an organization trail in the management account automatically deploys AWS CloudTrail to all existing and future member accounts within AWS Organizations, making it the most operationally efficient option. Member accounts can see the organization trail but cannot modify or delete it, so no SCP is needed to protect it. The other options, such as using AWS Lambda, Systems Manager, or manual creation combined with SCPs, require custom scripting, ongoing maintenance, and unnecessary administrative effort each time a new account is added. Using the native organization trail feature minimizes overhead and ensures that every account, including those created later, is logged automatically.
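The following is an added example, not part of the exam question or of any AWS documentation, showing what option B looks like in practice with boto3: enabling trusted access for CloudTrail in Organizations, creating a multi-Region organization trail from the management account, building the S3 bucket policy the trail's log bucket needs, and auditing a trail description for the settings a defender expects. The trail name, bucket name, account ID and organization ID are placeholders, and the create and audit-against-AWS calls assume credentials for the management account; the `audit_trail` check itself runs offline against constructed DescribeTrails-shaped data.

```python
"""Create and audit an AWS CloudTrail organization trail (added example)."""
from __future__ import annotations

# Placeholder values constructed for this example
TRAIL_NAME = "org-trail"
BUCKET_NAME = "example-org-cloudtrail-logs"
MGMT_ACCOUNT_ID = "111111111111"   # placeholder management account ID
ORG_ID = "o-exampleorgid"          # placeholder organization ID


def audit_trail(trail: dict, is_logging: bool) -> list[str]:
    """Return findings for one element of DescribeTrails 'trailList' plus the
    IsLogging flag from GetTrailStatus. Empty list means the trail matches the
    organization-wide configuration the question calls for."""
    findings = []
    if not trail.get("IsOrganizationTrail", False):
        findings.append("not an organization trail: new member accounts are not covered")
    if not trail.get("IsMultiRegionTrail", False):
        findings.append("single-Region trail: events in other Regions are not recorded")
    if not trail.get("LogFileValidationEnabled", False):
        findings.append("log file validation disabled: delivered logs cannot be integrity-checked")
    if not trail.get("S3BucketName"):
        findings.append("no S3 bucket configured: logs are not delivered")
    if not is_logging:
        findings.append("trail exists but logging is stopped")
    return findings


def org_trail_bucket_policy(bucket: str, mgmt_account_id: str, org_id: str) -> dict:
    """Bucket policy letting CloudTrail write logs for the management account
    and for every member account (delivered under AWSLogs/<org-id>/)."""
    return {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "AWSCloudTrailAclCheck",
                "Effect": "Allow",
                "Principal": {"Service": "cloudtrail.amazonaws.com"},
                "Action": "s3:GetBucketAcl",
                "Resource": f"arn:aws:s3:::{bucket}",
            },
            {
                "Sid": "AWSCloudTrailWrite",
                "Effect": "Allow",
                "Principal": {"Service": "cloudtrail.amazonaws.com"},
                "Action": "s3:PutObject",
                "Resource": [
                    f"arn:aws:s3:::{bucket}/AWSLogs/{mgmt_account_id}/*",
                    f"arn:aws:s3:::{bucket}/AWSLogs/{org_id}/*",
                ],
                "Condition": {"StringEquals": {"s3:x-amz-acl": "bucket-owner-full-control"}},
            },
        ],
    }


def create_org_trail(trail_name=TRAIL_NAME, bucket_name=BUCKET_NAME, region="us-east-1"):
    """Create a multi-Region organization trail and start logging.
    Must run in the management account; the bucket policy must already be applied."""
    import boto3  # imported lazily so the offline functions work without boto3

    orgs = boto3.client("organizations", region_name=region)
    ct = boto3.client("cloudtrail", region_name=region)
    # Organization trails require CloudTrail to be a trusted service in Organizations.
    orgs.enable_aws_service_access(ServicePrincipal="cloudtrail.amazonaws.com")
    trail = ct.create_trail(
        Name=trail_name,
        S3BucketName=bucket_name,
        IsMultiRegionTrail=True,
        EnableLogFileValidation=True,
        IsOrganizationTrail=True,
    )
    ct.start_logging(Name=trail_name)
    return trail["TrailARN"]


def audit_existing_trails(region="us-east-1") -> dict[str, list[str]]:
    """Describe each trail in the current account and audit it (needs credentials)."""
    import boto3

    ct = boto3.client("cloudtrail", region_name=region)
    results = {}
    for t in ct.describe_trails(includeShadowTrails=False)["trailList"]:
        status = ct.get_trail_status(Name=t["TrailARN"])
        results[t["Name"]] = audit_trail(t, status["IsLogging"])
    return results


# Constructed sample data shaped like DescribeTrails output
GOOD_TRAIL = {"Name": "org-trail", "S3BucketName": BUCKET_NAME, "IsMultiRegionTrail": True,
              "IsOrganizationTrail": True, "LogFileValidationEnabled": True,
              "HomeRegion": "us-east-1"}
# A per-account, single-Region trail of the kind option C would create in each account
ACCOUNT_TRAIL = {"Name": "account-trail", "S3BucketName": BUCKET_NAME, "IsMultiRegionTrail": False,
                 "IsOrganizationTrail": False, "LogFileValidationEnabled": False,
                 "HomeRegion": "us-east-1"}

if __name__ == "__main__":
    for t in (GOOD_TRAIL, ACCOUNT_TRAIL):
        print(t["Name"], audit_trail(t, is_logging=True) or "OK")
```

Run it offline to see the audit output for both sample trails; `audit_existing_trails()` applies the same check to the real trails visible from your credentials, and the findings it returns are the gaps between what the account has and what option B provides in one step.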