A company has implemented AWS Organizations. It has recently set up a number of new accounts and wants to deny access to a specific set of AWS services in these new accounts. How can this be controlled MOST efficiently?
A) Create an IAM policy in each account that denies access to the services. Associate the policy with an IAM group, and add all IAM users to the group.
B) Create a service control policy that denies access to the services. Add all of the new accounts to a single organizational unit (OU) , and apply the policy to that OU.
C) Create an IAM policy in each account that denies access to the service. Associate the policy with an IAM role, and instruct users to log in using their corporate credentials and assume the IAM role.
D) Create a service control policy that denies access to the services, and apply the policy to the root of the organization.
Correct Answer:
Verified
Q582: A company wants to follow its website
Q583: A read only news reporting site with
Q584: A company wants to manage the costs
Q585: A company is planning to migrate an
Q586: An ERP application is deployed across multiple
Q588: A company is using AWS CloudFormation to
Q589: A company has a large on-premises Apache
Q590: You have deployed a web application targeting
Q591: A company has a complex web application
Q592: You are tasked with moving a legacy
Unlock this Answer For Free Now!
View this answer and more for free by performing one of the following actions
Scan the QR code to install the App and get 2 free unlocks
Unlock quizzes for free by uploading documents