
A company is expanding and plans to segregate its resources into numerous AWS accounts across various AWS Regions. A solutions architect needs to devise a strategy that restricts access to operations in non-approved Regions. What solution should the architect propose to achieve this?
A
Develop IAM roles for each account and formulate IAM policies with conditional allow permissions that exclusively include the approved Regions for those accounts.
B
Establish an organization within AWS Organizations and create IAM users for each account, attaching a policy to each user to prevent access to Regions where the account is not permitted to deploy infrastructure.
C
Deploy an AWS Control Tower landing zone and create organizational units (OUs), attaching service control policies (SCPs) that prohibit access to services outside of the approved Regions.
D
Activate AWS Security Hub across all accounts and implement controls to define the Regions in which the accounts are authorized to deploy infrastructure.