AWS DevOps Engineer Professional Practice Test

How can compliance status be aggregated across multiple AWS accounts using AWS Config?

• A. Enable CloudTrail in all accounts
• B. Use AWS Config with multi-account data aggregation
• C. Consolidate billing for better monitoring
• D. Deploy AWS Config rules in each account

The correct answer is: Use AWS Config with multi-account data aggregation

Using AWS Config with multi-account data aggregation is the most effective way to gather compliance status across multiple AWS accounts. AWS Config enables you to assess, audit, and evaluate the configurations of your AWS resources, and by aggregating data from multiple accounts into a single account, you can centralize your view of compliance across your organization. The multi-account aggregation feature of AWS Config allows organizations to collect and view the configuration history and compliance status of resources across all their accounts in one place, typically in a designated aggregator account. This centralized visibility is crucial for compliance reporting, remediation efforts, and security assessments. By using this approach, organizations can streamline their compliance checks and ensure that they have a comprehensive understanding of their overall infrastructure's adherence to regulatory and internal standards. It allows for proactive compliance monitoring and simplifies auditing processes since all relevant data would be accessible from a single pane, increasing efficiency and reducing potential oversights. In contrast, while options like enabling CloudTrail or deploying AWS Config rules in each account may contribute to monitoring or compliance efforts, they do not provide the same level of centralized oversight and aggregation of compliance status as using multi-account data aggregation within AWS Config does.