AWS Certified Cloud Practitioner — Question 54
A global media company uses AWS Organizations to manage multiple AWS accounts.
Which AWS service or feature can the company use to limit the access to AWS services for member accounts?
Answer options
- A. AWS Identity and Access Management (IAM)
- B. Service control policies (SCPs)
- C. Organizational units (OUs)
- D. Access control lists (ACLs)
Correct answer: B
Explanation
Service control policies (SCPs) are specifically designed to manage permissions across AWS Organizations, allowing the company to restrict access to AWS services for member accounts. AWS Identity and Access Management (IAM) is used for user permissions within a single account, while Organizational units (OUs) help organize accounts but do not enforce access restrictions. Access control lists (ACLs) are generally used for network traffic control, not for managing AWS service access.