A large company has multiple AWS accounts that are assigned to each department. A SysOps administrator needs to help the company reduce overhead and manage its AWS resources more easily. The SysOps administrator also must ensure that department users, including AWS account root users, have access only to AWS services that are essential for their job function. Which solution will meet these requirements?

Topic #: - All AWS-SysOps Questions

A. Enable AWS Directory Service. Enforce Group Policy Objects (GPOs) on each department to restrict access.
B. Migrate all the accounts to a central account. Create IAM groups for each department with only the necessary permissions.
C. Use AWS Organizations and implement service control policies (SCPs) to ensure accounts use only essential AWS services.
D. Use AWS Single Sign-On and configure it to limit access to only essential AWS services.

- Awsexamhub website is not related to, affiliated with, endorsed or authorized by Amazon.
- Trademarks, certification & product names are used for reference only and belong to Amazon.

Suggested Answer:

Share this post

Join the Discussion