A company uses AWS Organizations to manage multiple AWS accounts for different departments. The management account has an Amazon S3 bucket that contains project reports. The company wants to limit access to this S3 bucket to only users of accounts within the organization in AWS Organizations. Which solution meets these requirements with the LEAST amount of operational overhead?
A) Add the aws:PrincipalOrgID global condition key with a reference to the organization ID to the S3 bucket policy.
B) Create an organizational unit (OU) for each department. Add the aws:PrincipalOrgPaths global condition key to the S3 bucket policy.
C) Use AWS CloudTrail to monitor the CreateAccount, InviteAccountToOrganization, LeaveOrganization, and RemoveAccountFromOrganization events. Update the S3 bucket policy accordingly.
D) Tag each user that needs access to the S3 bucket. Add the aws:PrincipalTag global condition key to the S3 bucket policy.
Correct Answer:
Verified