SCS-C02 Question #428: Real Exam Question with Answer & Explanation
The correct answer is B: set the value of the aws:SourceOrgPaths condition key to be the Organizations entity path of the production OU.
Question
A company uses an organization in AWS Organizations to help separate its Amazon EC2 instances and VPCs. The company has separate OUs for development workloads and production workloads. A security engineer must ensure that only AWS accounts in the production OU can write VPC flow logs to an Amazon S3 bucket. The security engineer is configuring the S3 bucket policy with a Condition element to allow the s3:PutObject action for VPC flow logs. How should the security engineer configure the Condition element to meet these requirements?
Options
- A. Set the value of the aws:SourceOrgID condition key to be the organization ID.
- B. Set the value of the aws:SourceOrgPaths condition key to be the Organizations entity path of the production OU.
- C. Set the value of the aws:ResourceOrgID condition key to be the organization ID.
- D. Set the value of the aws:ResourceOrgPaths condition key to be the Organizations entity path of
Explanation
The aws:SourceOrgPaths condition key restricts access based on the requesting account's path in AWS Organizations, which allows an action to be limited to accounts within a specific Organizational Unit (OU). By setting the value of this condition key to the Organizations entity path of the production OU, the security engineer ensures that only accounts in the production OU can write VPC flow logs to the S3 bucket. This directly meets the requirement to restrict access to a specific OU within AWS Organizations, whereas an organization ID (aws:SourceOrgID) would admit every account in the organization, including the development OU.