A company has implemented AWS Organizations. It has recently set up a number of new accounts and wants to deny access to a specific set of AWS services in these new accounts. How can this be controlled MOST efficiently?
A) Create an IAM policy in each account that denies access to the services. Associate the policy with an IAM group, and add all IAM users to the group.
B) Create a service control policy that denies access to the services. Add all of the new accounts to a single organizational unit (OU) , and apply the policy to that OU.
C) Create an IAM policy in each account that denies access to the services. Associate the policy with an IAM role, and instruct users to log in using their corporate credentials and assume the IAM role.
D) Create a service control policy that denies access to the services, and apply the policy to the root of the organization.
Correct Answer:
Verified
Q452: A company has a legacy application running
Q453: A company runs an ordering system on
Q454: A company receives clickstream data files to
Q455: A Solutions Architect is redesigning an image-viewing
Q456: A large company has increased its utilization
Q458: A company has a requirement that only
Q459: A company runs its containerized batch jobs
Q460: A company wants to manage the costs
Q461: A fleet of Amazon ECS instances is
Q462: A company has a 24 TB MySQL
Unlock this Answer For Free Now!
View this answer and more for free by performing one of the following actions
Scan the QR code to install the App and get 2 free unlocks
Unlock quizzes for free by uploading documents