Examtopics

AWS Certified Security - Specialty
  • Topic 1 Question 232

    A company uses an organization in AWS Organizations to help separate its Amazon EC2 instances and VPCs. The company has separate OUs for development workloads and production workloads.

    A security engineer must ensure that only AWS accounts in the production OU can write VPC flow logs to an Amazon S3 bucket. The security engineer is configuring the S3 bucket policy with a Condition element to allow the s3:PutObject action for VPC flow logs.

    How should the security engineer configure the Condition element to meet these requirements?

    • Set the value of the aws:SourceOrgID condition key to be the organization ID.

    • Set the value of the aws:SourceOrgPaths condition key to be the Organizations entity path of the production OU.

    • Set the value of the aws:ResourceOrgID condition key to be the organization ID.

    • Set the value of the aws:ResourceOrgPaths condition key to be the Organizations entity path of the production OU.
