How should this be accomplished?

A company has multiple AWS accounts that are part of AW5 Organizations. The company’s Security team wants to ensure that even those Administrators with full access to the company’s AWS accounts are unable to access the company’s Amazon S3 buckets

How should this be accomplished?
A . UseSCPs
B . Add a permissions boundary to deny access to Amazon S3 and attach it to all roles
C . Use an S3 bucket policy
D . Create a VPC endpoint for Amazon S3 and deny statements for access to Amazon S3

View Answer

Answer: A