A large company has multiple AWS accounts that are assigned to each department. A SysOps administrator needs to help the company reduce overhead and manage its AWS resources more easily. The SysOps administrator also must ensure that department users, including AWS account root users, have access only to AWS services that are essential for their job function.
Which solution will meet these requirements?
A . Enable AWS Directory Service Enforce Group Policy Objects (GPOs) on each department to restrict access.
B . Migrate all the accounts to a central account Create I AM groups for each department with only the necessary permissions
C . Use AWS Organizations and implement service control policies (SCPs) to ensure accounts use only essential AWS services
D . Use AWS Single Sign-On and configure it to limit access to only essential AWS services
Answer: C
Leave a Reply