A company has multiple AWS accounts that are part of AWS Organizations. The company’s Security team wants to ensure that even those Administrators with full access to the company’s AWS accounts are unable to access the company’s Amazon S3 buckets. How should this be accomplished?

by totorovn at Feb. 20, 2025, 7:40 pm

Topic #: - All AWS Certified Security - Specialty Questions

A. Use SCPs.
B. Add a permissions boundary to deny access to Amazon S3 and attach it to all roles.
C. Use an S3 bucket policy.
D. Create a VPC endpoint for Amazon S3 and deny statements for access to Amazon S3.

- Awsexamhub website is not related to, affiliated with, endorsed or authorized by Amazon.
- Trademarks, certification & product names are used for reference only and belong to Amazon.

Join the Discussion

You must be logged in to post a comment.

A company has multiple AWS accounts that are part of AWS Organizations. The company’s Security team wants to ensure that even those Administrators with full access to the company’s AWS accounts are unable to access the company’s Amazon S3 buckets. How should this be accomplished?

Suggested Answer:

Share this post

Join the Discussion