AWS Certified Cloud Practitioner

Get started today

Ultimate access to all questions.

Quick Answer

Answer-first summary for fast verification

Answer: Service control policies (SCPs)

Service Control Policies (SCPs) are the correct solution for this requirement. Here's why: - **SCPs** are used in AWS Organizations to set permission guardrails for member accounts - They allow you to control which AWS services and actions are available to users and roles in member accounts - SCPs work at the organization level and apply to all accounts in the organization or specific organizational units (OUs) - Unlike IAM policies that grant permissions, SCPs set maximum permissions (what users CANNOT do) - **Organizational units (OUs)** are containers for organizing accounts but don't directly control service access - **Tag policies** control tag standards and compliance, not service access - **IAM** manages permissions within individual accounts but doesn't provide organization-wide service restrictions SCPs are specifically designed for this use case of centrally managing service access across multiple AWS accounts in an organization.

Author: Ritesh Yadav

Quick Answer

Answer-first summary for fast verification

Answer: Service control policies (SCPs)

Author: Ritesh Yadav

Comments (0)

No comments yet.

A company manages AWS accounts in an organization in AWS Organizations. The company needs to limit the access to selected AWS services for these member accounts. Which AWS service or feature will meet this requirement?

Real Exam

Community

RRitesh

AWS Identity and Access Management (IAM)

50.0%

Service control policies (SCPs)

30.0%

Organizational units (OUs)

20.0%

Tag policies