AWS Certified Cloud Practitioner
Get started today
Ultimate access to all questions.
Deep dive into the quiz with AI chat providers.
We prepare a focused prompt with your quiz and certificate details so each AI can offer a more tailored, in-depth explanation.
A company manages AWS accounts in an organization in AWS Organizations. The company needs to limit the access to selected AWS services for these member accounts. Which AWS service or feature will meet this requirement?
Real Exam
Community
RRitesh
0
A
AWS Identity and Access Management (IAM)
B
Service control policies (SCPs)
C
Organizational units (OUs)
D
Tag policies
Explanation:
Service Control Policies (SCPs) are the correct solution for this requirement. Here's why:
- SCPs are used in AWS Organizations to set permission guardrails for member accounts
- They allow you to control which AWS services and actions are available to users and roles in member accounts
- SCPs work at the organization level and apply to all accounts in the organization or specific organizational units (OUs)
- Unlike IAM policies that grant permissions, SCPs set maximum permissions (what users CANNOT do)
- Organizational units (OUs) are containers for organizing accounts but don't directly control service access
- Tag policies control tag standards and compliance, not service access
- IAM manages permissions within individual accounts but doesn't provide organization-wide service restrictions
SCPs are specifically designed for this use case of centrally managing service access across multiple AWS accounts in an organization.
Comments
Loading comments...