
A company manages a multi-account AWS environment using AWS Control Tower, which integrates AWS Organizations, AWS Config, and AWS Trusted Advisor. They have designated an Organizational Unit (OU) specifically for development accounts, where hundreds of developers each have their own individual account for experimentation. To manage costs effectively, the company requires that only burstable Amazon EC2 and Amazon RDS instances be used in these development accounts. Additionally, they wish to restrict the use of other non-essential AWS services. What solution should a solutions architect propose to enforce these requirements?
A. Develop a custom Service Control Policy (SCP) within AWS Organizations to permit only the deployment of burstable instances and to prohibit the use of irrelevant services. Apply this SCP to the development OU.
B. Establish a custom detective control (guardrail) in AWS Control Tower, configured to allow only burstable instances and to block non-essential services. Implement this control on the development OU.
C. Set up a custom preventive control (guardrail) in AWS Control Tower, configured to allow only burstable instances and to prevent the use of non-essential services. Apply this control to the development OU.
D. Create an AWS Config rule in the AWS Control Tower account, configured to allow only burstable instances and to disallow non-essential services. Deploy this AWS Config rule to the development OU using AWS CloudFormation StackSets.