🔥 3-day streak
AWS Certified Solutions Architect - Professional149 / 186
Question 149 of 186
A company uses AWS Organizations with a nested OU structure: the root has a 'Workloads' OU, which contains a 'Production' OU, which contains an 'Payments' account. The company attaches the following SCPs: an SCP at the root that allows all actions (FullAWSAccess); an SCP on the 'Workloads' OU that allows only EC2, S3, and RDS actions; an SCP on the 'Production' OU that denies all S3 delete actions (s3:Delete*); and an SCP on the 'Payments' account that allows only EC2 and S3 actions. An IAM role in the 'Payments' account has an identity-based policy granting full RDS access. When a user assumes this role and attempts to launch an RDS database instance, what is the result?
Reviewed for accuracy · Report an issueNext question