A company uses AWS Organizations for its multi-account AWS setup.The security organizational unit (OU) of the company needs to share approved Amazon Machine Images (AMIs) with the development OU.The AMIs are created by using AWS Key Management Service (AWS KMS) encrypted snapshots.
Which solution will meet these requirements?
(Choose two.)
Add the development team’s OU Amazon Resource Name (ARN) to the launch permission list for the AMIs.
Add the Organizations root Amazon Resource Name (ARN) to the launch permission list for the AMIs.
Update the key policy to allow the development team’s OU to use the AWS KMS keys that are used to decrypt the snapshots.
Add the development team’s account Amazon Resource Name (ARN) to the launch permission list for the AMIs.
Recreate the AWS KMS key. Add a key policy to allow the Organizations root Amazon Resource Name (ARN) to use the AWS KMS key.
From my point of view, the answer is:
Add the development team’s OU Amazon Resource Name (ARN) to the launch permission list for the AMIs.