Q226.A large company with hundreds of AWS accounts has a newly established centralized internal process for purchasing new or modify existing Reserved Instances. This process requires all business units that want to purchase or modify reserved Instances to submit requests to a dedicated team for procurement or execution. Previously business units would directly purchase or modify Reserved Instances in their own respective AWS accounts autonomously.Which combination of steps should be taken to proactively enforce the new process in the MosT secure way possible? (Select TWO)
A.Ensure all AWS accounts are part of an AWS Organizations structure operating in all features mode. B.Use AWS Config to report on the attachment of an lAM policy that denies access to the.ec2: PurchaseReservedInstancesoffering and ec2: Modify ReservedInstances actions. C.In each AWS accountcreate an IAM policy with a DENy rule to the ec2 Purchase ReservedInstances Offering and ec2: Modify ReservedInstances actions. D.Create an Scp that contains a deny rule to the ec2: Purchase ReservedInstances offering and ec2: Modify ReservedInstances actions. Attach the SCP to each organizational unit(OU)of the AWS Organizations structure. E.Ensure that all AWS accounts are part of an AWS Organizations structure operating in consolidated billing features mode.正确答案AD
