本题库由云计算狂魔微信公众号分享。
【SAA-C03助理级解决方案架构师认证】
A company uses AWS Organizations to manage multiple AWS accounts for different departments.The management account has an Amazon S3 bucket that contains project reports. The company wants to limit access to this S3 bucket to only users of accounts within the organization in AWS Organizations. Which solution meets these requirements with the LEAST amount of operational overhead?
A : Add the aws:PrincipalOrgID global condition key with a reference to the organization ID to the s3 bucket policy
B : Create an organizational unit(Ou) for each department Add the aws:PrincipalOrgPaths
global condition key to the S3 bucket policy.
C : Use AWS CloudTrail to monitor the Create Account, InviteAccountToorganization LeaveOrganization, and RemoveAccountFromOrganization events. Update the S3 bucket policy accordingly
D : Tag each user that needs access to the S3 bucket. Add the awsPrincipalTag global condition key to the S3 bucket policy.