A customer needs corporate IT governance and cost oversight of all AWS resources
consumed by its divisions. The divisions want to maintain administrative control of the
discrete AWS resources they consume and keep those resources separate from the
resources of other divisions. Which of the following options, when used together will support
the autonomy/control of divisions while enabling corporate IT to maintain governance and
cost oversight?
Choose 2 answers
A.
Use AWS Consolidated Billing and disable AWS root account access for the child accounts.
B.
Enable IAM cross-account access for all corporate IT administrators in each child account.
C.
Create separate VPCs for each division within the corporate IT AWS account.
D.
Use AWS Consolidated Billing to link the divisions’ accounts to a parent corporate account.
E.
Write all child AWS CloudTrail and Amazon CloudWatch logs to each child account’s Amazon S3
‘Log’ bucket.
Explanation:
http://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_cross-account-with-roles.html
http://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/consolidated-billing.html