
Answer-first summary for fast verification
Answer: Develop a Service Control Policy (SCP) that disallows the initiation of instances with public IP addresses. Additionally, configure the SCP to block the assignment of public IP addresses to any existing instances. Attach this SCP to the OU.
The correct answer is C. A Service Control Policy (SCP) that denies launching instances with public IP addresses and also denies assigning public IP addresses to existing instances ensures that no instance in any of the OU's accounts can obtain a public IP address. Proactive controls in AWS Control Tower, as in option B, check resources for policy compliance before they are deployed, but they do not necessarily address existing resources. An SCP is a reliable way to enforce this restriction across every account in the OU, so the requirement is met for both new and existing instances. Options A and D can help manage the instances, but they do not provide the robust, centralized enforcement mechanism that an SCP does.
Author: LeetQuiz Editorial Team
A company is using AWS Control Tower to manage AWS accounts within an AWS Organizations environment. The company has an Organizational Unit (OU) containing multiple accounts. The company requires a solution to ensure that no new or existing Amazon EC2 instances within these accounts can obtain a public IP address. Which of the following solutions will effectively meet this requirement?
A
Configure all instances across each account in the OU to integrate with AWS Systems Manager. Utilize a Systems Manager Automation runbook to enforce the prevention of public IP addresses being assigned to these instances.
B
Implement an AWS Control Tower proactive control to monitor instances within the OU's accounts for public IP addresses. Set the AssociatePublicIpAddress property to False and apply this proactive control to the OU.
C
Develop a Service Control Policy (SCP) that disallows the initiation of instances with public IP addresses. Additionally, configure the SCP to block the assignment of public IP addresses to any existing instances. Attach this SCP to the OU.
D
Create a custom AWS Config rule to identify instances with public IP addresses. Set up a remediation action that employs an AWS Lambda function to remove public IP addresses from detected instances.
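An SCP along the lines of option C, added here as an example and not part of the original question. It assumes the ec2:AssociatePublicIpAddress condition key on ec2:RunInstances to block launches with a public IP, and denies allocating or associating Elastic IP addresses so that an existing instance cannot be given one afterwards:

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "DenyLaunchOfInstancesWithPublicIp",
      "Effect": "Deny",
      "Action": "ec2:RunInstances",
      "Resource": "arn:aws:ec2:*:*:network-interface/*",
      "Condition": {
        "Bool": { "ec2:AssociatePublicIpAddress": "true" }
      }
    },
    {
      "Sid": "DenyPublicIpAssignmentToExistingInstances",
      "Effect": "Deny",
      "Action": [
        "ec2:AllocateAddress",
        "ec2:AssociateAddress"
      ],
      "Resource": "*"
    }
  ]
}
```

SCPs apply only to member accounts (never the management account) and do not change instances that already hold a public IP, so attach the policy to a test OU first and confirm that a launch into a subnet with auto-assign public IP enabled is denied before rolling it out.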