A company has created a separate AWS account for all development work to protect the production environment. In this development account, developers have permission to manipulate IAM policies and roles. Corporate policies require that developers are blocked from accessing some services. What is the BEST way to grant the developers privileges in the development account while still complying with corporate policies?
A) Create a service control policy in AWS Organizations and apply it to the development account.
B) Create a customer managed policy in IAM and apply it to all users within the development account.
C) Create a job function policy in IAM and apply it to all users within the development account.
D) Create an IAM policy and apply it in API Gateway to restrict the development account.

Question

Quizplus · Accepted Answer

The Answer of A company has created a separate AWS account for all development work to protect the production environment. In this development account, developers have permission to manipulate IAM policies and roles. Corporate policies require that developers are blocked from accessing some services. What is the BEST way to grant the developers privileges in the development account while still complying with corporate policies?
A) Create a service control policy in AWS Organizations and apply it to the development account.
B) Create a customer managed policy in IAM and apply it to all users within the development account.
C) Create a job function policy in IAM and apply it to all users within the development account.
D) Create an IAM policy and apply it in API Gateway to restrict the development account.

A Company Has Created a Separate AWS Account for All