🔥 3-day streak
AWS Certified Security - Specialty123 / 157
Question 123 of 157
A security team manages an AWS Organization with all features enabled and 60 member accounts across several organizational units (OUs). A recent audit found that some account teams occasionally log in with the account root user to perform routine tasks. The team wants to enforce, organization-wide, that the root user of any member account cannot perform any actions except a small set of tasks that only root can do (such as changing account settings that require root), while still allowing IAM principals to operate normally. Which approach best meets this requirement at scale?
Reviewed for accuracy · Report an issueNext question