AWS Certified Solutions Architect – Professional — Question 493
A company has a policy that all Amazon EC2 instances that are running a database must exist within the same subnets in a shared VPC. Administrators must follow security compliance requirements and are not allowed to directly log in to the shared account. All company accounts are members of the same organization in AWS Organizations. The number of accounts will rapidly increase as the company grows.
A solutions architect uses AWS Resource Access Manager to create a resource share in the shared account.
What is the MOST operationally efficient configuration to meet these requirements?
Answer options
- A. Add the VPC to the resource share. Add the account IDs as principals
- B. Add all subnets within the VPC to the resource share. Add the account IDs as principals
- C. Add all subnets within the VPC to the resource share. Add the organization as a principal
- D. Add the VPC to the resource share. Add the organization as a principal
Correct answer: C
Explanation
AWS Resource Access Manager (RAM) supports sharing VPC subnets, but it cannot share an entire VPC, which rules out options A and D. Sharing the subnets with the whole AWS Organization is also far more operationally efficient than maintaining a list of individual account IDs as the company grows: accounts that later join the organization receive access without any change to the resource share. Therefore, sharing the subnets with the organization as the principal is the correct configuration.