Answer-first summary for fast verification
Answer: Develop SCPs (Service Control Policies) that integrate the Condition, Resource, and NotAction elements to permit access exclusively to the designated Regions and services.
The correct answer is 'C'. Creating Service Control Policies (SCPs) that include the Condition, Resource, and NotAction elements is the most operationally efficient solution. SCPs in AWS Organizations provide a scalable way to manage and enforce policies across multiple AWS accounts in your organization, ensuring that the development teams can use only the specified AWS Regions and have access only to the designated AWS services. This method centralizes control and reduces the operational overhead compared to managing individual policies in each account.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
A company is implementing a multi-account strategy for its development teams using AWS Organizations and AWS IAM Identity Center (AWS Single Sign-On). The company requires a solution that ensures development teams are limited to specific AWS Regions and can only access certain AWS services within each account. What is the most operationally efficient solution to achieve these restrictions?
A
Utilize IAM Identity Center to establish service-linked roles with IAM policy statements that incorporate the Condition, Resource, and NotAction elements to grant access solely to the designated Regions and services.
B
Disable AWS Security Token Service (AWS STS) in the Regions where developers are prohibited from accessing.
C
Develop SCPs (Service Control Policies) that integrate the Condition, Resource, and NotAction elements to permit access exclusively to the designated Regions and services.
D
For every AWS account, craft customized identity-based policies for IAM Identity Center that utilize statements including the Condition, Resource, and NotAction elements to allow access only to the designated Regions and services.
No comments yet.