A large company with hundreds of AWS accounts has a newly established centralized internal process for purchasing new or modifying existing Reserved Instances. This process requires all business units that want to purchase or modify Reserved Instances to submit requests to a dedicated team for procurement or execution. Previously, business units would directly purchase or modify Reserved Instances in their own respective AWS accounts autonomously. Which combination of steps should be taken to proactively enforce the new process in the MOST secure way possible? (Choose two.)
A) Ensure all AWS accounts are part of an AWS Organizations structure operating in all features mode.
B) Use AWS Config to report on the attachment of an IAM policy that denies access to the ec2:PurchaseReservedInstancesOffering and ec2:ModifyReservedInstances actions.
C) In each AWS account, create an IAM policy with a DENY rule to the ec2:PurchaseReservedInstancesOffering and ec2:ModifyReservedInstances actions.
D) Create an SCP that contains a deny rule to the ec2:PurchaseReservedInstancesOffering and ec2:ModifyReservedInstances actions. Attach the SCP to each organizational unit (OU) of the AWS Organizations structure.
E) Ensure that all AWS accounts are part of an AWS Organizations structure operating in consolidated billing features mode.
Correct Answer:
Verified
Q654: An enterprise company's data science team wants
Q655: A company is developing a new service
Q656: A company has an application that runs
Q657: A company has been using a third-party
Q658: A company is in the process of
Q660: A media company has a static web
Q661: A company has several Amazon EC2 instances
Q662: A company hosts a game player-matching service
Q663: A company has a single AWS master
Q664: A company has a web application that
Unlock this Answer For Free Now!
View this answer and more for free by performing one of the following actions
Scan the QR code to install the App and get 2 free unlocks
Unlock quizzes for free by uploading documents