
Answer-first summary for fast verification
Answer: Associate the specific member accounts with a new Organizational Unit (OU), apply a tag policy, and use an SCP with conditions to limit Regions.
The correct answer is D. You should associate the specific member accounts with a new Organizational Unit (OU), apply a tag policy, and use a Service Control Policy (SCP) with conditions to limit Regions. Using SCPs within an OU provides a centralized way to manage and enforce policies across multiple AWS accounts, ensuring compliance with regulatory requirements and centralized management with minimal configuration.
Author: LeetQuiz Editorial Team
A company is utilizing AWS Organizations to manage multiple accounts and must adhere to regulatory requirements that mandate restricting specific member accounts to certain AWS Regions for resource deployment. Additionally, all resources within these accounts must be tagged in accordance with a standardized group policy and managed centrally with minimal configuration overhead. What should a solutions architect implement to fulfill these requirements?
A. Create an AWS Config rule within the specific member accounts to restrict Regions and enforce a tag policy.
B. Disable Regions for the specific member accounts from the AWS Billing and Cost Management console in the management account and apply a tag policy at the root level.
C. Associate the specific member accounts with the root account, apply a tag policy, and use an SCP with conditions to limit Regions.
D. Associate the specific member accounts with a new Organizational Unit (OU), apply a tag policy, and use an SCP with conditions to limit Regions.
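To show what "an SCP with conditions to limit Regions" in answer D looks like, here is an added example policy that is not part of the original question. The two approved Regions and the list of exempted global services are assumptions chosen for illustration; the `Sid` is a made-up label.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "ExampleDenyOutsideApprovedRegions",
      "Effect": "Deny",
      "NotAction": [
        "iam:*",
        "organizations:*",
        "route53:*",
        "cloudfront:*",
        "support:*",
        "sts:*"
      ],
      "Resource": "*",
      "Condition": {
        "StringNotEquals": {
          "aws:RequestedRegion": [
            "eu-west-1",
            "eu-central-1"
          ]
        }
      }
    }
  ]
}
```

Attached to the new OU, this statement applies to every member account placed in that OU, which is what keeps the configuration in one place. An SCP only caps what principals in those accounts can do; it grants no permissions by itself, so the `Deny` with `aws:RequestedRegion` blocks requests to any other Region regardless of the IAM policies inside the account.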