AWS Certified SysOps Administrator – Associate — Question 396

A company is expanding its use of AWS services across its portfolios. The company wants to provision AWS accounts for each team to ensure a separation of business processes for security, compliance, and billing. Account creation and bootstrapping should be completed in a scalable and efficient way so new accounts are created with a defined baseline and governance guardrails in place. A SysOps administrator needs to design a provisioning process that saves time and resources.

Which action should be taken to meet these requirements?

Answer options

• A. Automate using AWS Elastic Beanstalk to provision the AWS accounts, set up infrastructure, and integrate with AWS Organizations.
• B. Create bootstrapping scripts in AWS OpsWorks and combine them with AWS CloudFormation templates to provision accounts and infrastructure.
• C. Use AWS Config to provision accounts and deploy instances using AWS Service Catalog.
• D. Use AWS Control Tower to create a template in Account Factory and use the template to provision new accounts.

Correct answer: D

Explanation

AWS Control Tower is the designated service for easily setting up and governing a secure, multi-account AWS environment. Its Account Factory feature standardizes and automates the provisioning of new accounts with built-in governance guardrails and baselines. Other options like AWS Elastic Beanstalk, AWS OpsWorks, and AWS Config are not designed for orchestrating multi-account creation and organization-level bootstrapping.