Q93 — AWS SCS-C02 Ch.1

A company is using AWS Organizations to manage multiple AWS accounts for its human resources, finance, software development, and production departments. All the company's developers are part of the software development AWS account. The company discovers that developers have launched Amazon EC2 instances that were preconfigured with software that the company has not approved for use. The company wants to implement a solution to ensure that developers can launch EC2 instances with only approved software applications and only in the software development AWS account. Which solution will meet these requirements?

Correct Answer: C. Use an AWS Service Catalog portfolio that contains EC2 products with appropriate AMIs that include only approved software. Grant the developers permission to access only the Service Catalog portfolio to launch a product in the software development account.

Explanation

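AWS Organizations is used to centrally manage multiple accounts, and the company needs to ensure that developers can use only approved software, and only in the designated account. According to AWS best practices, resource creation can be restricted through predefined templates and permission controls. AWS Service Catalog lets administrators create standardized products (such as EC2 configurations that include compliant AMIs) and grant users access to them. Option C uses a Service Catalog portfolio to enforce the use of compliant AMIs and restricts developers to launching instances only in the designated account. Option A relies on developers voluntarily using a specific template and lacks enforcement; Option B installs software after the instance is created, which leaves a risk in the intermediate state; Option D deploys across accounts, which does not meet the requirement of use only in the development account. The correct approach is Option C.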