
In an AWS Organizations setup, the root contains an OU named 'Environments', which in turn has two child OUs: 'Development' and 'Production'. All these OUs currently have the default FullAWSAccess policy. A DevOps engineer intends to remove the FullAWSAccess policy from the 'Development' OU and replace it with a policy that permits all actions exclusively on Amazon EC2 resources. What would be the resulting access control effect for users within the 'Development' OU after this policy change?
A. All users in the Development OU will be allowed all API actions on all resources.
B. All users in the Development OU will be allowed all API actions on EC2 resources. All other API actions will be denied.
C. All users in the Development OU will be denied all API actions on all resources.
D. All users in the Development OU will be denied all API actions on EC2 resources. All other API actions will be allowed.