
Answer-first summary for fast verification
Answer: Develop a custom Service Control Policy (SCP) within AWS Organizations to permit only the deployment of burstable instances and to prohibit the use of irrelevant services. Apply this SCP to the development OU.
The correct answer is A. A custom Service Control Policy (SCP) is the appropriate way to enforce specific policies across multiple accounts within an Organizational Unit (OU). SCPs are used to manage permissions for the accounts in an organization and to ensure compliance with organization-wide policies. A custom SCP can restrict which services and actions are available, which makes it ideal for this use case, where cost optimization and control over service usage are required.
Author: LeetQuiz Editorial Team
A company manages a multi-account AWS environment using AWS Control Tower, which integrates AWS Organizations, AWS Config, and AWS Trusted Advisor. They have designated an Organizational Unit (OU) specifically for development accounts, where hundreds of developers each have their own individual account for experimentation. To manage costs effectively, the company requires that only burstable Amazon EC2 and Amazon RDS instances be used in these development accounts. Additionally, they wish to restrict the use of other non-essential AWS services. What solution should a solutions architect propose to enforce these requirements?
A
Develop a custom Service Control Policy (SCP) within AWS Organizations to permit only the deployment of burstable instances and to prohibit the use of irrelevant services. Apply this SCP to the development OU.
B
Establish a custom detective control (guardrail) in AWS Control Tower, configured to allow only burstable instances and to block non-essential services. Implement this control on the development OU.
C
Set up a custom preventive control (guardrail) in AWS Control Tower, configured to allow only burstable instances and to prevent the use of non-essential services. Apply this control to the development OU.
D
Create an AWS Config rule in the AWS Control Tower account, configured to allow only burstable instances and to disallow non-essential services. Deploy this AWS Config rule to the development OU using AWS CloudFormation StackSets.
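A sketch of the kind of SCP that option A describes, added here as an illustration and not taken from the original question or from AWS. The burstable family patterns (`t2`, `t3`, `t3a`, `t4g` and their `db.` equivalents) and the list of services treated as essential are assumptions; adjust both to the organization's own standards before attaching the policy to the development OU.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "DenyNonBurstableEc2",
      "Effect": "Deny",
      "Action": "ec2:RunInstances",
      "Resource": "arn:aws:ec2:*:*:instance/*",
      "Condition": {
        "StringNotLike": {
          "ec2:InstanceType": ["t2.*", "t3.*", "t3a.*", "t4g.*"]
        }
      }
    },
    {
      "Sid": "DenyNonBurstableRds",
      "Effect": "Deny",
      "Action": "rds:CreateDBInstance",
      "Resource": "*",
      "Condition": {
        "StringNotLike": {
          "rds:DatabaseClass": ["db.t2.*", "db.t3.*", "db.t4g.*"]
        }
      }
    },
    {
      "Sid": "DenyServicesOutsideAllowList",
      "Effect": "Deny",
      "NotAction": [
        "ec2:*",
        "rds:*",
        "s3:*",
        "iam:*",
        "sts:*",
        "cloudwatch:*",
        "logs:*"
      ],
      "Resource": "*"
    }
  ]
}
```

The statements are explicit denies, so they apply to every principal in the member accounts regardless of the IAM permissions granted inside each account. The policy covers instance creation only; resizing an existing instance is a separate action that it does not address.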