The Jeff’s Note (Contextual Hook) #
Jeff’s Note #
“Unlike generic exam dumps, ADH analyzes this scenario through the lens of a Real-World Site Reliability Engineer (SRE).”
“For SOA-C02 candidates, the confusion often lies in enabling service integrations inside AWS Organizations – what requires explicit trusted access setup versus what simply requires feature activation. In production, this means knowing exactly which AWS services need manual trusted access configuration to operate across accounts delegated by the management account. Let’s drill down.”
The Certification Drill (Simulated Question) #
Scenario #
CloudWorks Inc., a global SaaS provider, manages multiple AWS accounts under a consolidated AWS Organization. The SRE team at CloudWorks wants to enable AWS Compute Optimizer and enforce company-wide tag policies through the organization’s management account to standardize resource optimization and tagging across all member accounts in their billing family.
The SRE navigates to the AWS Organizations console from the management account and attempts to activate tag policies. However, the option to enable Compute Optimizer’s advanced governance features or tag policies across member accounts is not available.
The Requirement: #
Identify the root reason why the SRE cannot enable AWS Compute Optimizer and tag policies directly from the management account to govern all member accounts.
The Options #
- A) The AWS Organization has not yet been configured to allow all features.
- B) Consolidated Billing has not been enabled for the Organization.
- C) Tagging and cost allocation have not been enabled on the member accounts.
- D) Trusted access for Compute Optimizer has not been manually enabled from the member accounts.
Google adsense #
leave a comment:
Correct Answer #
D
Quick Insight: The SOA-C02 Imperative #
For Site Reliability Engineers, it’s critical to recognize that some AWS services require explicit trusted access to be enabled from each member account before the management account can govern those services centrally. Compute Optimizer is one such service—without enabling trusted access, centralized governance and recommendations won’t function as expected.
Content Locked: The Expert Analysis #
You’ve identified the answer. But do you know the implementation details that separate a Junior from a Senior?
The Expert’s Analysis #
Correct Answer #
Option D
The Winning Logic #
AWS Compute Optimizer requires trusted access to be explicitly enabled on each member account so that the service can collect data and provide centralized optimization recommendations via the management account. Trusted access acts as a secure delegation of permissions allowing the management account to govern Compute Optimizer functionality across the organization.
- The inability to enable tag policies or Compute Optimizer’s features centrally stems from the fact that trusted access isn’t automatically activated for Compute Optimizer when you create an organization.
- Each member account needs to opt-in (enable trusted access) for Compute Optimizer before the management account can apply governance features organization-wide.
The Trap (Distractor Analysis): #
- Why not A?
Enabling all features in the organization is necessary for some operations, but trusted access for Compute Optimizer specifically must still be manually enabled on member accounts, so “all features” alone is insufficient. - Why not B?
Consolidated billing affects cost visibility but does not impact the ability to activate tag policies or Compute Optimizer governance. - Why not C?
Tags and cost allocation must be enabled to track costs but don’t prevent tag policies or Compute Optimizer from being activated centrally if trusted access isn’t granted.
The Technical Blueprint #
# To enable trusted access for Compute Optimizer on a member account using AWS CLI:
aws organizations enable-aws-service-access --service-principal compute-optimizer.amazonaws.com
# Note: This command is run from the management account to enable trusted access
# Member accounts must have Compute Optimizer enabled in their accounts and privileges granted.
The Comparative Analysis #
| Option | Operational Overhead | Automation Level | Impact |
|---|---|---|---|
| A | Moderate | Low | Organization features needed but not sufficient |
| B | Low | N/A | Affects billing/reporting only |
| C | Low | Low | Tagging setup - unrelated to trusted access |
| D | Required manual member action | Moderate | Correct enabling of trusted access for Compute Optimizer |
Real-World Application (Practitioner Insight) #
Exam Rule #
“For the exam, always pick trusted access enablement when you see AWS services integrated through AWS Organizations requiring cross-account governance.”
Real World #
“In a real enterprise environment, forgetting to enable trusted access for a key AWS service like Compute Optimizer can block centralized monitoring and cost optimization. Automating trusted access enablement as part of account provisioning scripts helps avoid this operational gap.”
(CTA) Stop Guessing, Start Mastering #
Disclaimer
This is a study note based on simulated scenarios for the SOA-C02 exam.