Which solution will meet these requirements?
In the AWS Billing and Cost Management console for the HR department’s production account turn off RI sharing.
Remove the HR department’s production AWS account from the organization. Add the account 10 the consolidating billing configuration only.
In the AWS Billing and Cost Management console. use the organization’s management account 10 turn off RI Sharing for the HR departments production AWS account.
Create an SCP in the organization to restrict access to the RIs. Apply the SCP to the OUs of the other departments.
Explanations:
Turning off RI sharing in the HR department’s production account would prevent other accounts from sharing the RI discounts. However, since this action is account-specific, it does not provide a global solution across the organization, allowing for potential sharing if not properly managed.
Removing the HR department’s production AWS account from the organization would isolate it, but it defeats the purpose of using consolidated billing. This means the account would not benefit from the centralized management and billing features provided by AWS Organizations, which is not an optimal solution.
Using the organization’s management account to turn off RI sharing specifically for the HR department’s production account ensures that no other accounts within the organization can access those RI discounts. This effectively meets the requirement of isolating the reserved instances to the HR department.
While creating a Service Control Policy (SCP) to restrict access to RIs could theoretically limit access, SCPs do not directly control the sharing of RI discounts. They can restrict actions but are not specifically designed for managing reserved instance sharing in the context of billing. Thus, this option does not directly meet the requirement.
I draft that the answer is:
In the AWS Billing and Cost Management console. use the organization’s management account 10 turn off RI Sharing for the HR departments production AWS account.