Answer-first summary for fast verification
Answer: Enforce a service control policy (SCP) to restrict tag modifications to authorized principals only.
The correct answer is C. To ensure that cost usage tags are not modified without authorization in multiple AWS accounts within an AWS Organization, you should use a Service Control Policy (SCP). SCPs allow you to manage permissions for the accounts in your organization. By using an SCP, you can define policies that prevent tag modification and specify exceptions for authorized principals. This provides a centralized and efficient way to enforce these restrictions across all accounts in the organization.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
No comments yet.
In an AWS environment with multiple accounts under an organization, how can a company ensure that cost usage tags are not modified without authorization?
A
Implement a custom AWS Config rule restricting tag changes to authorized users.
B
Utilize a custom AWS CloudTrail trail to monitor and prevent unauthorized tag modifications.
C
Enforce a service control policy (SCP) to restrict tag modifications to authorized principals only.
D
Leverage custom Amazon CloudWatch logs for monitoring and preventing tag modifications.