A company is operating a multi-account environment under a single organization using AWS Organizations. The Security team discovers that some employees are using AWS services in ways that violate company policies. A SysOps Administrator needs to prevent all users of an account, including the root user, from performing certain restricted actions.
What should be done to accomplish this?
A. Apply service control policies (SCPs) to allow approved actions only
B. Apply service control policies (SCPs) to prevent restricted actions
C. Define permissions boundaries to allow approved actions only
D. Define permissions boundaries to prevent restricted actions
What should be done to accomplish this?
A. Apply service control policies (SCPs) to allow approved actions only
B. Apply service control policies (SCPs) to prevent restricted actions
C. Define permissions boundaries to allow approved actions only
D. Define permissions boundaries to prevent restricted actions