Topic 1 Question 334
A company has multiple AWS accounts. The company uses AWS Organizations with an organizational unit (OU) for the production account and another OU for the development account. Corporate policies state that developers may use only approved AWS services in the production account.
What is the MOST operationally efficient solution to control the production account?
Create a customer managed policy in AWS Identity and Access Management (IAM). Apply the policy to all users within the production account.
Create a job function policy in AWS Identity and Access Management (IAM). Apply the policy to all users within the production OU.
Create a service control policy (SCP). Apply the SCP to the production OU.
Create an IAM policy. Apply the policy in Amazon API Gateway to restrict the production account.
ユーザの投票
コメント(3)
- 正解だと思う選択肢: C
C: SCP
👍 2Pete9872023/06/30 To control the use of approved AWS services in the production account, the most operationally efficient solution would be to create a service control policy (SCP) and apply it to the production organizational unit (OU). An SCP is a type of policy that you can use with AWS Organizations to manage permissions in your organization’s accounts. With an SCP, you can specify the services and actions that users and roles can use in the accounts that are part of the OU to which the SCP is attached. This allows you to centrally control the use of approved AWS services in the production account.
So, the correct answer would be C. Create a service control policy (SCP). Apply the SCP to the production OU.
👍 2[Removed]2023/07/09- 正解だと思う選択肢: C
I would go with C as per the previous questions.
👍 1mh82023/07/23
シャッフルモード