A Security Administrator is restricting the capabilities of company root user accounts. The company uses AWS Organizations and has enabled it for all feature sets, including consolidated billing. The top-level account is used for billing and administrative purposes, not for operational AWS resource purposes.
How can the Administrator restrict usage of member root user accounts across the organization?
A . Disable the use of the root user account at the organizational root. Enable multi-factor authentication of the root user account for each organizational member account.
B . Configure IAM user policies to restrict root account capabilities for each Organizations member account.
C . Create an organizational unit (OU) in Organizations with a service control policy that controls usage of the root user. Add all operational accounts to the new O
E . Configure AWS CloudTrail to integrate with Amazon CloudWatch Logs and then create a metric filter for RootAccountUsage.
Answer: C
Explanation:
Reference:
https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_policies_about-scps.html
Leave a Reply