Management & Governance - AWS Organization Flashcards

1
Q

Purpose

A

Central governance and management across AWS accounts

2
Q

Use Case

A

You can consolidate multiple AWS accounts into an organization that you create and centrally manage, and simplify billing by using a single payment method for all of your accounts.

3
Q

Access

A

AWS Management Console. You can also use the AWS CLI (for command-line access) or SDKs to perform the same steps to create a new organization.

4
Q

Availability

A

AWS Organizations is available in all AWS commercial regions, AWS GovCloud (US) regions, and China regions. The service endpoints for AWS Organizations are located in US East (N. Virginia) for commercial organizations, AWS GovCloud (US-West) for AWS GovCloud (US) organizations, and the AWS China (Ningxia) region, operated by NWCD.

5
Q

Billing

A

The owner of the management account is responsible for paying for all usage, data, and resources used by the accounts in the organization.

6
Q

Competition

A

AWS Control Tower. It offers an abstracted, automated, and prescriptive experience on top of AWS Organizations. It automatically sets up AWS Organizations as the underlying AWS service to organize accounts and implements preventive guardrails using SCPs.

7
Q

What is an organization?

A

An organization is a collection of AWS accounts that you can organize into a hierarchy and manage centrally.

8
Q

What is an OU?

A

An organizational unit (OU) is a group of AWS accounts within an organization. An OU can also contain other OUs, enabling you to create a hierarchy.

9
Q

What is a Service Control Policy?

A

Service control policies (SCPs) are a type of organization policy that you can use to manage permissions in your organization. SCPs allow you to control which AWS service actions are accessible to principals (account root, IAM users, and IAM roles) in the accounts of your organization.

10
Q

What does an SCP look like?

A

SCPs follow the same rules and grammar as IAM policies.

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": ["EC2:*", "S3:*"],
      "Resource": "*"
    }
  ]
}

11
Q

SCP recommendations?

A

AWS strongly recommends that you don’t attach SCPs to the root of your organization without thoroughly testing the impact that the policy has on accounts.
