Advanced AWS / Cloud Computing
Q87 / 100

How do "Service Control Policies" (SCPs) in AWS Organizations interact with IAM policies to determine effective permissions?

Correct! Well done.

Incorrect.

The correct answer is A) SCPs set the maximum available permissions for accounts in an organization (as guardrails) but don't themselves grant permissions; an action is allowed only if permitted by the relevant IAM policies AND not denied by any applicable SCP

A

Correct Answer

SCPs set the maximum available permissions for accounts in an organization (as guardrails) but don't themselves grant permissions; an action is allowed only if permitted by the relevant IAM policies AND not denied by any applicable SCP

Explanation

SCPs act as permission boundaries at the account level — even if an IAM policy grants a permission, an SCP can deny it organization-wide; effective permissions are the intersection of what IAM policies allow and what SCPs do not block.

Previous All Questions Next
Progress
87/100
☁️

Browse All AWS / Cloud Computing Questions

100 questions · beginner to advanced