A global media company uses AWS Organizations to manage multiple AWS accounts. Which AWS service or feature can the company use to limit the access to AWS services for member accounts?
Prates_BR - Should do more reading
The correct answer is B. Service control policies (SCPs).
AWS Organizations helps to manage multiple AWS accounts in a centralized manner. SCPs are a feature of AWS Organizations that allow an organization to set rules that govern the use of AWS services across all accounts in the organization. SCPs can be used to restrict the use of specific AWS services or to impose additional conditions or requirements on the use of those services. SCPs are applied at the organizational unit (OU) level, so organizations can create different policies for different groups of accounts within their AWS Organization.
AWS Identity and Access Management (IAM) is a service that enables you to manage access to AWS services and resources securely. IAM is used to create and manage users, groups, and permissions. It can be used in conjunction with SCPs to further restrict access to AWS services.
SCPs are the best choice for this situation as they allow control over access to multiple AWS accounts within an AWS organization, while IAM is used to manage access to a single AWS account.
In AWS Organizations, you can centrally control permissions for the accounts in your organization by using service control policies (SCPs). SCPs enable you to place restrictions on the AWS services, resources, and individual API actions that users and roles in each account can access.
Key Exam Tip:
✔ SCPs = Restrict AWS service access across accounts in AWS Organizations
✔ IAM = Manage permissions within a single AWS account
✔ OUs = Organize accounts but do not enforce policies
B - SCPs
One of the features from AWS Organizations is SCPs, which helps you specify the maximum permissions for member accounts in the organization. Using SCPs, you can restrict which AWS services, resources, and individual API actions the users and roles in each member account can access.
source: https://aws.amazon.com/blogs/industries/best-practices-for-aws-organizations-service-control-policies-in-a-multi-account-environment/
B. Service Control Policies (SCPs)
An organization can use Service Control Policies (SCPs) in AWS Organizations to limit access to specific AWS services to member accounts. SCPs allow an administrator to restrict service-level permissions for accounts within the organization, setting limits on which services can be accessed.
The other options are not directly used to limit access to AWS services for member accounts in an AWS Organizations context:
A. AWS Identity and Access Management (IAM): IAM is used to manage permissions and access within individual accounts, but does not control access to services in member accounts across AWS Organizations.
C. Organizational Units (OUs): OUs are used to organize and rank accounts within the structure of AWS Organizations, but are not used to limit access to specific services.
D. Access Control Lists (ACLs): ACLs generally refer to network or operating system level access control mechanisms, but are not the primary approach to controlling access to AWS services in an AWS Organizations setting.
B. Service control policies (SCPs)
"In SCPs, you can restrict which AWS services, resources, and individual API actions the users and roles in each member account can access. You can also define conditions for when to restrict access to AWS services, resources, and API actions. These restrictions even override the administrators of member accounts in the organization."
https://docs.aws.amazon.com/organizations/latest/userguide/orgs_introduction.html#:~:text=.%20In%20SCPs%2C%20you,in%20the%20organization.
Option C:
organizational units (OUs): are used to group accounts together to administer as a single unit. This greatly simplifies the management of your accounts.
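The comments above say that SCPs set the maximum permissions for member accounts and override even member-account administrators. The following is an added example, not part of the original thread and not AWS code, that models that evaluation in simplified form: only `Effect` and `Action` are considered (no `Resource`, `Condition` or `NotAction`), and the policy documents and names such as `OU_SCP` and `ADMIN_IAM` are constructed for illustration.

```python
import json
from fnmatch import fnmatchcase

# Constructed SCP attached to a hypothetical OU (deny-list style).
OU_SCP = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [
    {"Sid": "AllowAll", "Effect": "Allow", "Action": "*", "Resource": "*"},
    {"Sid": "DenyUnapproved", "Effect": "Deny",
     "Action": ["redshift:*", "organizations:LeaveOrganization"],
     "Resource": "*"}
  ]
}
""")

# Constructed policies: an allow-everything SCP at the root, and two IAM
# identity policies that live inside a member account.
ALLOW_ALL = {"Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}]}
ROOT_SCP = ALLOW_ALL
ADMIN_IAM = ALLOW_ALL
EC2_READER_IAM = {"Statement": [
    {"Effect": "Allow", "Action": "ec2:Describe*", "Resource": "*"}]}


def _matches(statement, action):
    """True if the action matches any (wildcard) pattern in the statement."""
    patterns = statement["Action"]
    if isinstance(patterns, str):
        patterns = [patterns]
    return any(fnmatchcase(action.lower(), p.lower()) for p in patterns)


def verdict(policy, action):
    """'Deny' on explicit deny, 'Allow' on explicit allow, else None."""
    effects = {s["Effect"] for s in policy["Statement"] if _matches(s, action)}
    if "Deny" in effects:
        return "Deny"
    return "Allow" if "Allow" in effects else None


def is_permitted(action, scp_levels, iam_policy):
    """SCPs only filter: every level (root, OU, ...) must allow the action,
    and the IAM policy in the account must still grant it."""
    if any(verdict(scp, action) != "Allow" for scp in scp_levels):
        return False
    return verdict(iam_policy, action) == "Allow"
```

With `[ROOT_SCP, OU_SCP]` in force, an account administrator holding `ADMIN_IAM` is still refused `redshift:CreateCluster`, while a user with `EC2_READER_IAM` gains nothing from the SCP's `Allow *` because SCPs do not grant permissions.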