Examtopics

AWS Certified Solutions Architect - Associate

871
873

Topic 1 Question 872
A development team uses multiple AWS accounts for its development, staging, and production environments. Team members have been launching large Amazon EC2 instances that are underutilized. A solutions architect must prevent large instances from being launched in all accounts.

How can the solutions architect meet this requirement with the LEAST operational overhead?
- Update the IAM policies to deny the launch of large EC2 instances. Apply the policies to all users.
- Define a resource in AWS Resource Access Manager that prevents the launch of large EC2 instances.
- Create an IAM role in each account that denies the launch of large EC2 instances. Grant the developers IAM group access to the role.
- Create an organization in AWS Organizations in the management account with the default policy. Create a service control policy (SCP) that denies the launch of large EC2 instances, and apply it to the AWS accounts.
ユーザの投票
コメント(4)
- 正解だと思う選択肢: D
  https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scps.html
  
  👍 6
  Hkayne2024/04/19
- 正解だと思う選択肢: D
  https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_scps_examples.html
  
  👍 3
  example_2024/07/13
- why is it not A? If the goal is only to prevent launch of EC2s
  
  👍 2
  744fdad2024/08/05
シャッフルモード

871
873