Q21 — AWS DOP-C02 Ch.2
Question 21 of 100 | ← Chapter 2
A company uses AWS Organizations and AWS Control Tower to manage its AWS accounts. The company has an Enterprise Support plan. A DevOps engineer is using Terraform Account Factory for AWS (AFT) to provision new accounts. During provisioning, the DevOps engineer notices that the new accounts are configured with the Basic Support plan. The DevOps engineer needs to implement a solution to provide the Enterprise Support plan to new accounts. Which solution meets these requirements?
- A. Use AWS Config conformance packs to deploy account-level AWS Config rules and automatically remediate any noncompliant accounts.
- B. Create an AWS Lambda function that creates a support case with AWS Support to add the customer to the Enterprise Support plan. Grant the Lambda function the Support:ResolveCase permission.
- C. Add an additional value to the control_tower_parameters input to set the AWSEnterpriseSupport parameter on the organization’s management account.
- D. Set the aft_feature_enterprise_support feature flag to True in the AFT deployment input configuration. Redeploy AFT and apply the changes. ✓
Correct Answer: D. Set the aft_feature_enterprise_support feature flag to True in the AFT deployment input configuration. Redeploy AFT and apply the changes.
Explanation
Terraform Account Factory for AWS (AFT) supports configuring the Enterprise Support plan via a feature flag. AWS AFT documentation states that the `aft_feature_enterprise_support` parameter controls whether new accounts are automatically enrolled in the organization's Enterprise Support plan; setting it to `True` enables this during provisioning. Option A addresses compliance remediation but does not directly modify support plan assignment; Option B relies on manual ticketing and is not automated; Option C references `control_tower_parameters`, which is used natively by AWS Control Tower—not AFT, which uses its own parameters. Correct answer D directly modifies the AFT configuration, satisfying the requirement for automated provisioning.