A financial services company is moving to AWS and wants to enable developers to experiment and innovate while preventing access to production applications. The company has the following requirements:
- Production workloads cannot be directly connected to the internet.
- All workloads must be restricted to the us-west-2 and eu-central-1 Regions.
- Notification should be sent when developer sandboxes exceed $500 in AWS spending monthly.
Which combination of actions needs to be taken to create a multi-account structure that meets the company's requirements? (Choose three.)
A) Create accounts for each production workload within an organization in AWS Organizations. Place the production accounts within an organizational unit (OU). For each account, delete the default VPC. Create an SCP with a Deny rule for the attach an internet gateway and create a default VPC actions. Attach the SCP to the OU for the production accounts.
B) Create accounts for each production workload within an organization in AWS Organizations. Place the production accounts within an organizational unit (OU). Create an SCP with a Deny rule on the attach an internet gateway action. Create an SCP with a Deny rule to prevent use of the default VPC. Attach the SCPs to the OU for the production accounts.
C) Create an SCP containing a Deny Effect for cloudfront:*, iam:*, route53:*, and support:* with a StringNotEquals condition on an aws:RequestedRegion condition key with us-west-2 and eu-central-1 values. Attach the SCP to the organization's root.
D) Create an IAM permission boundary containing a Deny Effect for cloudfront:*, iam:*, route53:*, and support:* with a StringNotEquals condition on an aws:RequestedRegion condition key with us-west-2 and eu-central-1 values. Attach the permission boundary to an IAM group containing the development and production users.
E) Create accounts for each development workload within an organization in AWS Organizations. Place the development accounts within an organizational unit (OU). Create a custom AWS Config rule to deactivate all IAM users when an account's monthly bill exceeds $500.
F) Create accounts for each development workload within an organization in AWS Organizations. Place the development accounts within an organizational unit (OU). Create a budget within AWS Budgets for each development account to monitor and report on monthly spending exceeding $500.
Correct Answer:
Verified