Logo
AWS Certified Solutions Architect - Professional / Question #637 of 529

Question #637

A retail company uses AWS Organizations with consolidated billing and has organized its departments into the following OUs: Finance, Sales, Human Resources (HR), Marketing, and Operations. Each OU contains multiple AWS accounts corresponding to development, test, pre-production, and production environments. The Finance department has purchased Reserved Instances (RIs) in its production AWS account for a new financial analytics platform launching soon. The Finance department needs to ensure that no other departments can utilize the RI discounts allocated to their production account. What solution meets this requirement?

A

In the AWS Billing and Cost Management console for the Finance department's production account, disable RI sharing.
B

Remove the Finance department's production AWS account from the organization and link it to the consolidated billing configuration separately.
C

Use the AWS Billing and Cost Management console in the organization\u2019s management account to disable RI sharing for the Finance department's production AWS account.
D

Apply a Service Control Policy (SCP) to the OUs of other departments to block access to the Finance department's RIs.

Explanation

Answer C is correct because AWS Organizations allows the management account to control Reserved Instance (RI) sharing settings for all member accounts. By default, RIs are shared across all accounts in an organization to maximize cost savings. However, disabling RI sharing for the Finance department's production account via the management account's Billing console ensures its RIs are exclusive to that account.

Option A is incorrect because individual member accounts cannot disable RI sharing themselves; only the management account can modify this setting. Option B is overly disruptive, as removing the account from the organization would break consolidated billing and complicate governance. Option D is invalid because Service Control Policies (SCPs) manage permissions for API actions, not RI discount sharing.

Key points to remember:
1. RI sharing is managed at the organization level by the management account.
2. Disabling RI sharing for a specific account restricts its RIs to that account only.
3. SCPs cannot block RI discount utilization.

Answer

The correct answer is: C