Multiple Choice
A company uses AWS Organizations to manage multiple AWS accounts for different departments. The management account has an Amazon S3 bucket that contains project reports. The company wants to limit access to this S3 bucket to only users of accounts within the organization in AWS Organizations. Which solution meets these requirements with the LEAST amount of operational overhead?
A) Add the aws:PrincipalOrgID global condition key with a reference to the organization ID to the S3 bucket policy.
B) Create an organizational unit (OU) for each department. Add the aws:PrincipalOrgPaths global condition key to the S3 bucket policy.
C) Use AWS CloudTrail to monitor the CreateAccount, InviteAccountToOrganization, LeaveOrganization, and RemoveAccountFromOrganization events. Update the S3 bucket policy accordingly.
D) Tag each user that needs access to the S3 bucket. Add the aws:PrincipalTag global condition key to the S3 bucket policy.
Correct Answer:
Verified
Correct Answer:
Verified
Q140: A group requires permissions to list an
Q141: A company recently launched its website to
Q142: A solutions architect has configured the following
Q143: A company has many projects that run
Q144: An application runs on Amazon EC2 instances
Q146: A company runs an application in a
Q147: A company uses Application Load Balancers (ALBs)
Q148: A solutions architect is designing an architecture
Q149: A solutions architect is designing a web
Q150: A company is building applications in containers.