
AWS Certified Solutions Architect - Professional
A company is utilizing AWS Organizations to manage multiple accounts and must adhere to regulatory requirements that mandate restricting specific member accounts to certain AWS Regions for resource deployment. Additionally, all resources within these accounts must be tagged in accordance with a standardized group policy and managed centrally with minimal configuration overhead. What should a solutions architect implement to fulfill these requirements?
Explanation:
The correct answer is D. You should associate the specific member accounts with a new Organizational Unit (OU), apply a tag policy, and use a Service Control Policy (SCP) with conditions to limit Regions. Using SCPs within an OU provides a centralized way to manage and enforce policies across multiple AWS accounts, ensuring compliance with regulatory requirements and centralized management with minimal configuration.