AWS Certified Cloud Practitioner

Explanation:

AWS Organizations with Service Control Policies (SCPs) is the correct answer because:

1. AWS Organizations is a service that enables you to centrally manage and govern your AWS environment as you grow and scale your AWS resources.

2. Service Control Policies (SCPs) are a feature of AWS Organizations that allow you to set permission guardrails for accounts in your organization. SCPs define the maximum available permissions for accounts in your organization.

3. Region Restrictions: SCPs can be used to restrict which AWS services can be used in specific regions. For example, you can create an SCP that denies all Amazon Bedrock operations except in specific approved regions.

4. Enterprise Security Controls: This is exactly the type of enterprise-level security control that SCPs are designed for - enforcing organizational policies across multiple AWS accounts.

Why other options are incorrect:

• B. Amazon S3 Versioning: This is for object versioning in S3 buckets, not for enforcing regional restrictions on services.

• C. AWS Lambda Layers: This is for sharing code and dependencies across Lambda functions, not for security controls.

• D. Amazon Lightsail: This is a simplified virtual private server (VPS) service, not for enforcing enterprise security policies.

Key Takeaway: When you need to enforce organizational policies like restricting which regions specific AWS services can be used from, AWS Organizations with Service Control Policies (SCPs) is the appropriate solution.