Topic 1 Question 236
A company is designing an AWS Organizations structure. The company wants to standardize a process to apply tags across the entire organization. The company will require tags with specific values when a user creates a new resource. Each of the company's OUs will have unique tag values.
Which solution will meet these requirements?
Use an SCP to deny the creation of resources that do not have the required tags. Create a tag policy that includes the tag values that the company has assigned to each OU. Attach the tag policies to the OUs.
Use an SCP to deny the creation of resources that do not have the required tags. Create a tag policy that includes the tag values that the company has assigned to each OU. Attach the tag policies to the organization's management account.
Use an SCP to allow the creation of resources only when the resources have the required tags. Create a tag policy that includes the tag values that the company has assigned to each OU. Attach the tag policies to the OUs.
Use an SCP to deny the creation of resources that do not have the required tags. Define the list of tags. Attach the SCP to the OUs.
ユーザの投票
コメント(16)
- 正解だと思う選択肢: A
You go to the management account -> Organizations console -> Policies -> Tag policies -> "name of the policy" -> attach to OU. That's it - A is correct
👍 4Maria20232023/06/27 - 正解だと思う選択肢: B
B - you don't have apply SCPs to each account or OU. Attaching the tag policies to the organization's management account ensures that the policies are applied consistently to all OUs within the organization. C is incorrect because SCP are NOT used for ALLOW action. They are used for DENY actions (setting boundaries)
👍 3bhanus2023/06/21 - 正解だと思う選択肢: A
It's A. The policies are different for each account, so you can't assign it to the management account. Exact same scenario: https://aws.amazon.com/blogs/mt/implement-aws-resource-tagging-strategy-using-aws-tag-policies-and-service-control-policies-scps/
👍 3SmileyCloud2023/06/26
シャッフルモード