AWS Certified Solutions Architect - Professional
Get started today
Ultimate access to all questions.
Ultimate access to all questions.
A company manages a multi-account AWS environment using AWS Control Tower, which integrates AWS Organizations, AWS Config, and AWS Trusted Advisor. They have designated an Organizational Unit (OU) specifically for development accounts, where hundreds of developers each have their own individual account for experimentation. To manage costs effectively, the company requires that only burstable Amazon EC2 and Amazon RDS instances be used in these development accounts. Additionally, they wish to restrict the use of other non-essential AWS services. What solution should a solutions architect propose to enforce these requirements?
Explanation:
The correct answer is A: Develop a custom Service Control Policy (SCP) within AWS Organizations to permit only the deployment of burstable instances and to prohibit the use of irrelevant services. Apply this SCP to the development OU. This approach is appropriate for enforcing specific policies across multiple accounts within an Organizational Unit (OU). Service Control Policies (SCPs) are used to manage permissions for accounts in your organization and ensure compliance with organization-wide policies. Custom SCPs can restrict which services and actions are available, making them ideal for this use case where cost optimization and control over service usage are required.