AWS Certified DevOps Engineer – Professional — Question 128
A DevOps team supports many accounts across an organization in AWS Organizations. The DevOps team has decided to use AWS Config across the organization to implement centralized automatic remediation of Amazon S3 buckets that have public ACLs. Individual accounts must not be able to modify the remediation strategy.
Which solution will meet these requirements?
Answer options
- A. Create an AWS Config conformance pack that contains a rule that checks for S3 buckets that have public ACLs. Configure the conformance pack to use an AWS Systems Manager Automation runbook to block public access to the S3 buckets. Deploy the conformance pack across the organization.
- B. Configure AWS Config rules that detect S3 buckets that have public ACLs. Configure a remediation action that uses AWS Lambda to block public access to the S3 buckets. Use AWS CloudFormation StackSets to deploy the rules across the organization.
- C. Configure AWS Config rules that detect S3 buckets that have public ACLs. Configure a remediation action that uses an AWS Systems Manager Automation runbook to block public access to the S3 buckets. Use AWS CloudFormation StackSets to deploy the rules across the organization.
- D. Create an AWS Config conformance pack that contains a rule that checks for 53 buckets that have public ACLs. Configure the conformance pack to use an AWS Lambda function to block public access to the S3 buckets. Deploy the conformance pack across the organization.
Correct answer: A
Explanation
The correct answer is A, as it specifies the use of an AWS Systems Manager Automation runbook for blocking public access, which aligns with the requirement of centralized remediation. Options B and C incorrectly suggest using AWS Lambda for remediation, which does not meet the criteria set by the DevOps team. Option D contains a typo '53 buckets' instead of 'S3 buckets' and also uses AWS Lambda instead of the required runbook.