AWS Certified Security - Specialty
Get started today
Ultimate access to all questions.
Ultimate access to all questions.
A company is implementing a multi-account strategy for its development teams using AWS Organizations and AWS IAM Identity Center (AWS Single Sign-On). The company requires a solution that ensures development teams are limited to specific AWS Regions and can only access certain AWS services within each account. What is the most operationally efficient solution to achieve these restrictions?
Explanation:
The correct answer is 'C'. Creating Service Control Policies (SCPs) that include the Condition, Resource, and NotAction elements is the most operationally efficient solution. SCPs in AWS Organizations provide a scalable way to manage and enforce policies across multiple AWS accounts in your organization, ensuring that the development teams can use only the specified AWS Regions and have access only to the designated AWS services. This method centralizes control and reduces the operational overhead compared to managing individual policies in each account.