A company orchestrates a multi-account structure on AWS by using AWS Control Tower. The company is using AWS Organizations, AWS config, and AWS Trusted Advisor. The company has a specific OU for development accounts that developers use to experiment on AWS. The company has hundreds of developers, and each developer has an individual development account. The company wants to optimize costs in these development accounts. Amazon EC2 instances and Amazon RDS instances in these accounts must be burstable. The company wants to disallow the use of other services that are not relevant. What should a solutions architect recommend to meet these requirements? A. Create a custom SCP in AWS Organizations to allow the deployment of only burstable instances and to disallow services that are not relevant. Apply the SCP to the development OU. B. Create a custom detective control (guardrail) in AWS Control Tower. configure the control (guardrail) to allow the deployment of only burstable instances and to disallow services that are not relevant. Apply the control (guardrail) to the development OU. C. Create a custom preventive control (guardrail) in AWS Control Tower. configure the control (guardrail) to allow the deployment of only burstable instances and to disallow services that are not relevant. Apply the control (guardrail) to the development OU. D. Create an AWS config rule in the AWS Control Tower account. configure the AWS config rule to allow the deployment of only burstable instances and to disallow services that are not relevant. Deploy the AWS config rule to the development OU by using AWS CloudFormation StackSets. Â Correct Answer: C This question is in SAP-C02 exam For getting AWS Certified Solutions Architect Professional Certificate
Please login or Register to submit your answer