A company has an AWS account for each department and wants to consolidate billing and reduce overhead. The company wants to make sure that the finance team is denied from accessing services other than Amazon EC2, the security team is denied from accessing services other than AWS CloudTrail, and IT can access any resource.
Which solution meets these requirements with the LEAST amount of operational overhead?
A. Create a role for each department within AWS IAM and assign each role the necessary permissions.
B. Create a user for each department within AWS IAM and assign each user the necessary permissions.
C. Implement service control policies within AWS Organizations to determine which resources each department can access.
D. Place each department into an organizational unit (OU) within AWS Organizations and use IAM policies to determine which resources they can access.
Which solution meets these requirements with the LEAST amount of operational overhead?
A. Create a role for each department within AWS IAM and assign each role the necessary permissions.
B. Create a user for each department within AWS IAM and assign each user the necessary permissions.
C. Implement service control policies within AWS Organizations to determine which resources each department can access.
D. Place each department into an organizational unit (OU) within AWS Organizations and use IAM policies to determine which resources they can access.