🔥 3-day streak
AWS Certified Security - Specialty88 / 184
Question 88 of 184
A security engineer at a company using AWS Organizations must enforce that all member accounts can only operate in the eu-west-1 and eu-central-1 regions to meet data residency requirements. However, the finance team needs global services such as IAM, CloudFront, and Route 53 to continue functioning, and one designated account (the networking account) must additionally be allowed to use us-east-1 for a legacy Direct Connect gateway configuration. What is the MOST effective way to implement this using Service Control Policies (SCPs)?
Reviewed for accuracy · Report an issueNext question