Ends in
00
days
00
hrs
00
mins
00
secs
SHOP NOW

PRE-BLACK FRIDAY SALE - GET 20% OFF ALL REVIEWERS

Find answers, ask questions, and connect with our
community around the world.

Home Forums AWS AWS Certified Solutions Architect Professional If SCPs already deny, is an explicit IAM role in each account required to deny? Reply To: If SCPs already deny, is an explicit IAM role in each account required to deny?

  • sergioarield

    Member
    July 11, 2024 at 11:02 pm

    I also think this question shows the wrong answers. You don’t need both SCP and IAM to enforce tagging. On the other hand, you do need an AWS Config aggregator and also the rules in each account to effectively control compliance. In other words, the correct answers should be SCP + Config rules in each account + Config aggregator.