
A company utilizes AWS Organizations for managing its AWS accounts. A solutions architect is tasked with designing a solution that restricts IAM actions exclusively to administrator roles. However, the solutions architect lacks access to all company-wide AWS accounts. What is the most efficient solution with minimal operational overhead to achieve this requirement?
A. Implement an SCP that targets all AWS accounts, permitting IAM actions solely for administrator roles, and apply this SCP to the root organizational unit (OU).
B. Set up AWS CloudTrail to trigger an AWS Lambda function for every IAM action event. Configure the Lambda function to block the action if the initiating user is not an administrator.
C. Develop an SCP that targets all AWS accounts, denying IAM actions for all users except those with administrator roles, and apply this SCP to the root organizational unit (OU).
D. Establish an IAM permissions boundary that authorizes IAM actions and attach this boundary to every administrator role across all AWS accounts.