
Answer-first summary for fast verification
Answer: Use AWS Organizations to create separate accounts for each environment, implement SCPs to restrict access to non-compliant services, and use AWS Control Tower to enforce GDPR compliance.
Option B is the correct approach as it leverages AWS Organizations for account separation, SCPs for enforcing compliance and security controls, and AWS Control Tower for additional governance and compliance features, which are essential for GDPR compliance.
Author: LeetQuiz Editorial Team
You are tasked with developing a multi-account strategy for a large enterprise that requires strict separation of environments (development, testing, production) and compliance with GDPR. Describe how you would structure the AWS accounts, implement AWS Organizations, and use Service Control Policies (SCPs) to enforce compliance and security controls across all accounts.
A. Create a single AWS account for all environments and use IAM policies to separate access.
B. Use AWS Organizations to create separate accounts for each environment, implement SCPs to restrict access to non-compliant services, and use AWS Control Tower to enforce GDPR compliance.
C. Create a single AWS account and use VPCs to isolate environments, without using AWS Organizations or SCPs.
D. Use AWS Organizations to create a single account per department, without implementing SCPs or considering GDPR compliance.