Topic 1 Question 258
A company is using AWS Organizations with the default SCP. The company needs to restrict AWS usage for all AWS accounts that are in a specific OU.
Except for some desired global services, the AWS usage must occur only in the eu-west-1 Region for all accounts in the OU. A security engineer must create an SCP that applies the restriction to existing accounts and any new accounts in the OU.
Which SCP will meet these requirements?
ユーザの投票
コメント(1)
- 正解だと思う選択肢: C
Option C is the correct answer. Here's why: The requirement is to restrict AWS usage to only eu-west-1 region (except for global services). This means we need to: Use "Deny" effect to block access Use "StringNotEquals" condition to deny requests to any region that is NOT eu-west-1 Use "NotAction" to exclude the desired global services from this restriction
👍 1fcbflo2025/03/05
シャッフルモード
