AWS Organizations Flashcards
AWS Organizations’ best feature is ___________ ________
- AWS Organizations’ best feature is Consolidated Billing
AWS Organizations Policies are applied to _____ accounts or __________ ____
AWS Organizations Policies are applied to root accounts or Organizational Units (OUs)
With consolidated Billing, _______ reserved EC2 instances are applied across the _____
With consolidated Billing, unused reserved EC2 instances are applied across the group
Service Control Policies manage the maximum available __________
Service Control Policies manage the maximum available permissions
SCPs must have all features in Organization _____
SCPs must have all features in Organization enabled
SCPs can be assigned at different _____ in the _________
SCPs can be assigned at different points in the hierarchy
SCPs only affect IAM _____ and _____ but do not affect _________ policies
SCPs only affect IAM users and roles but do not affect resources policies
SCPs affect the ____ account and ______ accounts but do not affect any action performed by the _________ account
SCPs affect the root account and member accounts but do not affect any action performed by the management account
SCPs Allow list strategy:
- No APIs are permitted anywhere unless you __________ _____ them
- No APIs are permitted anywhere unless you explicitly allow them
Accounts can be migrated between organizations. To do this, you must have ____ or IAM permissions to both the member and _________ accounts
To do this, you must have root or IAM permissions to both the member and management accounts
If you’re just migrating a few accounts, you can use the AWS Organizations console. But if there are many accounts to migrate use the AWS ____________ API or AWS ____
If you’re just migrating a few accounts, you can use the AWS Organizations console. But if there are many accounts to migrate use the AWS Organizations API or AWS CLI
Consolidated Billing can help with cost control through volume discounts, but the number of accounts you can link is limited to
20 linked accounts for consolidated billing (default)
A benefit of Consolidated Billing is a combined view of ______ incurred by all your _______
A benefit of Consolidated Billing is a combined view of charges incurred by all your accounts
With Consolidated Billing Paying accounts should be used for _______ purposes ____
With Consolidated Billing Paying accounts should be used for billing purposes only
What is the only way to restrict what the root account can do?
Service Control Policies
How can you use AWS Organizations to Centralize all your CloudTrail Logs?
CloudTrail allows you to log everything into a Single AWS account.
AWS Organization allows you to ______ workloads into separate accounts, which is a great way to add more layers of _______ and control.
AWS Organization allows you to isolate workloads into separate accounts which is a great way to add more layers of security and controls.
AWS Config is great for setting standardization across ___ ____ ______
AWS Config is great for setting standardization across all your account.
AWS Config will also check for compliance and automatically ________ problems using _________ documents.
AWS Config will also check for compliance and automatically remediate problems using automation documents.
Which AWS feature will provide you with a history of all changes to your architecture.
AWS Config
If AD is staying on-premises should you use AWS Managed Microsoft AD vs. AD Connector?
AD connector
Trusted Advisor is free to use but you’ll need a _________ or _________ _________ plan to get the most useful checks it offers.
Trusted Advisor is free to use but you’ll need a Business or Enterprise Support plan to get the most useful checks it offers.
Keep in mind that Trusted Advisor is only an ________ ____ it will not _____ the problem for you.
Keep in mind that Trusted Advisor is only an auditing tool it will not solve the problem for you.
To solve a problem, Trusted Advisor has found use _________ to kick off a ______ ________ .
To solve a problem, Trusted Advisor has found use Eventbridge to kick off a Lambda function
AWS Config will send you a notification in regards to a resource if what three scenarios?
AWS Config will send you a notification if a resource is created, deleted, or modified
AWS Config allows you to see __________ between your _________ resources
AWS Config allows you to see relationships between your different resources
AWS OpsWorks is a configuration management service that provides managed instances of ____ and _______
AWS OpsWorks is a configuration management service that provides managed instances of Chef and Puppet
AWS Resource Access Manager (RAM) allows you to share resources across: (3)
AWS ________
AWS _____________ or OUs
IAM ____ and IAM users
AWS Resource Access Manager (RAM) allows you to share resources across:
AWS Accounts
AWS Organizations or OUs
IAM roles and IAM users
AWS Resource Access Manager (RAM) can be used to share which three resources?
VPC
EC2
Route 53
If moving everything to the cloud which service should you use AWS Managed Microsoft AD vs. AD Connector?
If moving everything to the cloud use Managed Microsoft AD
Chef and Puppet are automation platforms that allow you to use code to ________ the configurations of your _______.
Chef and Puppet are automation platforms that allow you to use code to automate the configurations of your servers.
AWS ___________ is a configuration management service that provides managed instances of Chef and Puppet.
AWS OpsWorks is a configuration management service that provides managed instances of Chef and Puppet.
OpsWorks lets you use Chef and Puppet to automate how servers are _________, ________, and _______ across your Amazon EC2 instances or on-premises
OpsWorks lets you use Chef and Puppet to automate how servers are configured, managed, and deployed across your Amazon EC2 instances or on-premises
