A customer needs corporate IT governance and cost oversight of all AWS resources consumed by its divisions. Each division has its own AWS account and there is a need to ensure that the security policies are kept in place at the Account Level. How can you achieve this? Choose 2 answers from the options given below

Answer options:

A.Use AWS organizations
B.Club all divisions under a single account instead
C.Use IAM Policies to segregate access
D.Use Service control policies

Answer - A and D
With AWS Organizations, you can centrally manage policies across multiple AWS accounts without having to use custom scripts and manual processes. For example, you can apply service control policies (SCPs) across multiple AWS accounts that are members of an organization. SCPs allow you to define which AWS service APIs can and cannot be executed by AWS Identity and Access Management (IAM) entities (such as IAM users and roles) in your organization’s member AWS accounts. SCPs are created and applied from the master account, which is the AWS account that you used when you created your organization.
Option B is incorrect since the question mentions that you need to use separate AWS accounts
Option C is incorrect since you need to use service control policies."AWS IAM doesn`t provide the facility to define access permissions to that minute level i.e., which AWS service APIs can and cannot be executed by IAM entities."
For more information on how to use service control policies, please visit the below URL
https://aws.amazon.com/blogs/security/how-to-use-service-control-policies-in-aws-organizations/