A company is expanding. The company plans to separate its resources into hundreds of different AWS accounts in multiple AWS Regions. A solutions architect must recommend a solution that denies access to any operations outside of specifically designated Regions. Which solution will meet these requirements?

QuestionsCategory: SAP-C02A company is expanding. The company plans to separate its resources into hundreds of different AWS accounts in multiple AWS Regions. A solutions architect must recommend a solution that denies access to any operations outside of specifically designated Regions. Which solution will meet these requirements?
Admin Staff asked 10 months ago
A company is expanding. The company plans to separate its resources into hundreds of different AWS accounts in multiple AWS Regions. A solutions architect must recommend a solution that denies access to any operations outside of specifically designated Regions.
Which solution will meet these requirements?

A. Create IAM roles for each account. Create IAM policies with conditional allow permissions that include only approved Regions for the accounts.

B. Create an organization in AWS Organizations. Create IAM users for each account. Attach a policy to each user to block access to Regions where an account cannot deploy infrastructure.

C. Launch an AWS Control Tower landing zone. Create OUs and attach SCPs that deny access to run services outside of the approved Regions.

D. Enable AWS Security Hub in each account. Create controls to specify the Regions where an account can deploy infrastructure.




 
Correct Answer: C

This question is in SAP-C02 exam
For getting AWS Certified Solutions Architect Professional Certificate


Next Post

Recommended

Welcome Back!

Login to your account below

Create New Account!

Fill the forms below to register

Retrieve your password

Please enter your username or email address to reset your password.