Answer-first summary for fast verification
Answer: Develop a service control policy (SCP) to prohibit access to billing information and apply it to the root organizational unit (OU).
The most effective method to ensure that billing information is not accessible to anyone, including the root user of member accounts, is to use a Service Control Policy (SCP). SCPs are used at the organizational level in AWS Organizations to restrict access to AWS services and actions across the AWS accounts in your organization. By creating an SCP to deny access to billing information and attaching it to the root organizational unit (OU), you can enforce organization-wide restrictions that even the root user cannot override. Therefore, the correct answer is C.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
A media company utilizing AWS Organizations with all features enabled seeks to restrict access to billing information on member accounts, including for the root user. What is the appropriate solution?
A
Create an IAM group for the finance team and assign the AWS Billing managed policy.
B
Implement an identity-based policy to restrict all users, including the root user, from accessing billing details.
C
Develop a service control policy (SCP) to prohibit access to billing information and apply it to the root organizational unit (OU).
D
Switch from the all features to the consolidated billing feature set in AWS Organizations.
No comments yet.