Question #1293
An organization needs to centrally manage and govern their multi-account AWS environment. Which AWS service provides the most comprehensive solution for this requirement?
AWS CloudFormation
AWS Control Tower
AWS Config
Amazon Virtual Private Cloud (Amazon VPC)
Explanation
AWS Control Tower (B) is the most comprehensive solution for managing and governing multi-account AWS environments. It automates the setup of a secure, compliant baseline (Landing Zone), enforces guardrails (predefined rules for security and compliance), and provides centralized visibility across accounts.
- Why other options are incorrect:
- A. AWS CloudFormation: Focuses on infrastructure-as-code for resource provisioning, not multi-account governance.
- C. AWS Config: Monitors resource configurations and compliance but lacks centralized account management features.
- D. Amazon VPC: Provides network isolation within an account, unrelated to multi-account governance.
Key Points: Control Tower simplifies multi-account management with preconfigured best practices, automated guardrails, and centralized policy enforcement, making it the optimal choice for governance at scale.
Answer
The correct answer is: B