A company is implementing a multi-account strategy for its development teams using AWS Organizations and AWS IAM Identity Center (AWS Single Sign-On). The company requires a solution that ensures development teams are limited to specific AWS Regions and can only access certain AWS services within each account. What is the most operationally efficient solution to achieve these restrictions?

Exam-Like

Utilize IAM Identity Center to establish service-linked roles with IAM policy statements that incorporate the Condition, Resource, and NotAction elements to grant access solely to the designated Regions and services.

0.0%

Disable AWS Security Token Service (AWS STS) in the Regions where developers are prohibited from accessing.

0.0%

Develop SCPs (Service Control Policies) that integrate the Condition, Resource, and NotAction elements to permit access exclusively to the designated Regions and services.

100.0%

For every AWS account, craft customized identity-based policies for IAM Identity Center that utilize statements including the Condition, Resource, and NotAction elements to allow access only to the designated Regions and services.

0.0%

AWS Certified Security - Specialty

Get started today

Comments