
A company is utilizing AWS Control Tower to manage AWS accounts within an AWS Organizations environment. They have an Organizational Unit (OU) containing multiple accounts. The company requires a solution to ensure that no new or existing Amazon EC2 instances within these accounts can obtain a public IP address. Which of the following solutions will effectively meet this requirement?
A
Configure all instances across each account in the OU to integrate with AWS Systems Manager. Utilize a Systems Manager Automation runbook to enforce the prevention of public IP addresses being assigned to these instances.
B
Implement an AWS Control Tower proactive control to monitor instances within the OU's accounts for public IP addresses. Set the AssociatePublicIpAddress property to False and apply this proactive control to the OU.
C
Develop a Service Control Policy (SCP) that disallows the initiation of instances with public IP addresses. Additionally, configure the SCP to block the assignment of public IP addresses to any existing instances. Attach this SCP to the OU.
D
Create a custom AWS Config rule to identify instances with public IP addresses. Set up a remediation action that employs an AWS Lambda function to remove public IP addresses from detected instances.