🔥 3-day streak
AWS Certified Solutions Architect - Professional151 / 186
Question 151 of 186

A financial services company uses AWS Organizations with a restrictive SCP applied at the root that denies all IAM actions matching "iam:*Role*" except for a small set of approved administrators identified by a specific IAM path. After deploying the SCP, application teams report that Auto Scaling groups fail to launch instances and that enabling Amazon GuardDuty in member accounts now fails. Both features previously worked. The security team confirms the accounts have valid execution roles. What is the most likely cause and the correct remediation?

Reviewed for accuracy · Report an issueNext question