Which AWS service or feature can the company use to limit the access to AWS services for member accounts?
AWS Identity and Access Management (IAM)
Service control policies (SCPs)
Organizational units (OUs)
Access control lists (ACLs)
Explanations:
AWS Identity and Access Management (IAM) allows for fine-grained access control at the user and group level within individual accounts but does not apply restrictions across multiple accounts managed by AWS Organizations.
Service Control Policies (SCPs) are a feature of AWS Organizations that allow you to define guardrails by specifying what services and actions can be accessed by member accounts. They are used to limit permissions across the entire organization.
Organizational Units (OUs) are used to group accounts for management purposes within AWS Organizations. While they help organize accounts, they do not provide any inherent access restrictions on services or actions.
Access Control Lists (ACLs) are used primarily for controlling access to AWS resources such as S3 buckets or network resources, but they do not function at the account management level and are not applicable for limiting access across AWS accounts.