AWS Certified Solutions Architect – Professional — Question 790

A company has many AWS accounts and uses AWS Organizations to manage all of them. A solutions architect must implement a solution that the company can use to share a common network across multiple accounts.
The company's infrastructure team has a dedicated infrastructure account that has a VPC. The infrastructure team must use this account to manage the network.
Individual accounts cannot have the ability to manage their own networks. However, individual accounts must be able to create AWS resources within subnets.
Which combination of actions should the solutions architect perform to meet these requirements? (Choose two.)

Answer options

Correct answer: B, D

Explanation

To enable VPC sharing across multiple accounts in AWS Organizations, resource sharing must first be enabled in the AWS Organizations management account. Once it is enabled, AWS Resource Access Manager (RAM) in the owner (infrastructure) account is used to create a resource share that shares the specific subnets with the target organizational unit (OU). Member accounts can then deploy resources into the shared subnets, but they cannot modify the underlying VPC configuration.