AWS SAP-C02 · Question 23 · Domain 1.2: Security Controls
An enterprise is migrating its Active Directory to AWS. They want to use AWS Managed Microsoft AD. They have a requirement to share this directory with 20 other AWS accounts in their AWS Organization so that EC2 instances in those accounts can seamlessly join the domain. What is the MOST operationally efficient way to achieve this?
Answer options:
Deploy an AWS Managed Microsoft AD in each of the 20 accounts and establish trust relationships between them.
Use AWS Directory Service to share the directory with the AWS Organization. Use seamless domain join when launching EC2 instances in the member accounts.
Configure VPC peering between the directory account and the 20 member accounts. Manually join each EC2 instance to the domain.
Use AWS IAM Identity Center (AWS SSO) to sync users from the directory to the 20 accounts.