AWS Certified SysOps Administrator – Associate — Question 232

A company has several business units that want to use Amazon EC2. The company wants to require all business units to provision their EC2 instances by using only approved EC2 instance configurations.

What should a SysOps administrator do to implement this requirement?

Answer options

• A. Create an EC2 instance launch configuration. Allow the business units to launch EC2 instances by specifying this launch configuration in the AWS Management Console.
• B. Develop an IAM policy that limits the business units to provision EC2 instances only. Instruct the business units to launch instances by using an AWS CloudFormation template.
• C. Publish a product and launch constraint role for EC2 instances by using AWS Service Catalog. Allow the business units to perform actions in AWS Service Catalog only.
• D. Share an AWS CloudFormation template with the business units. Instruct the business units to pass a role to AWS CloudFormation to allow the service to manage EC2 instances.

Correct answer: C

Explanation

The correct answer is C because AWS Service Catalog allows for the creation of products and constraints that ensure only approved configurations are used for provisioning EC2 instances. Option A is incorrect as a launch configuration does not enforce compliance across multiple business units. Option B is wrong since an IAM policy alone does not guarantee that only approved configurations are used, and Option D does not control the configurations that the business units can use.