A company has separate AWS accounts for finance, data analytics, and development. To control costs and improve security, the company wants to restrict which services each account can use. Which solution meets these requirements with the LEAST operational overhead?
Choose an answer
Tap an option to check your answer.
Correct answer: Create organizational units (OUs) for each department in AWS Organizations. Attach service control policies (SCPs) to the OUs..
Why this is the answer
Creating Organizational Units (OUs) in AWS Organizations and attaching Service Control Policies (SCPs) to them is the most effective solution for restricting service usage with the least operational overhead. SCPs allow you to centrally manage permissions for all accounts within an OU, defining maximum available permissions. This directly addresses the need to control costs and improve security by limiting which services each account can use. Using AWS Systems Manager templates is for managing instances and configurations, not for controlling service access across accounts. AWS CloudFormation provisions resources but doesn't inherently restrict what services can be used; it defines what is deployed. AWS Service Catalog manages approved products for deployment, but SCPs provide a more fundamental and overarching control over which services can even be attempted in the first place, making it a higher-level and more efficient control mechanism for this specific requirement.
Pass your exam — without the endless answer hunt
Get every verified question and explanation for this exam in one place, and save hours of prep. 1,000+ certifications · 20+ languages · free to start.
Pass your exam faster → No card needed