
Explanation:
Option B is the correct approach: it creates targeted SCPs that restrict specific high-risk services, which enhances security without completely disabling necessary services. That balance is crucial for maintaining operational functionality in AWS accounts.
You are tasked with implementing Service Control Policies (SCPs) in AWS Organizations to enforce a policy that restricts the use of certain high-risk AWS services. Describe how you would design and deploy these SCPs, including specific services you would restrict and the impact on account usage.
A
Deploy SCPs that completely disable all AWS services across all accounts.
B
Create SCPs that restrict access to high-risk services such as Amazon S3 public access, AWS Lambda functions with internet access, and Amazon EC2 instances with unrestricted traffic, while allowing other necessary services.
C
Use SCPs to monitor service usage without restricting any actions.
D
Disable SCPs and rely on IAM policies to manage service usage.