A Solutions Architect is designing a multi-account structure that has 10 existing accounts. The design must meet the following requirements:
✑ Consolidate all accounts into one organization.
✑ Allow full access to the Amazon EC2 service from the master account and the secondary accounts.
✑ Minimize the effort required to add additional secondary accounts.
Which combination of steps should be included in the solution? (Choose two.)

• A. Create an organization from the master account. Send invitations to the secondary accounts from the master account. Accept the invitations and create an OU.
• B. Create an organization from the master account. Send a join request to the master account from each secondary account. Accept the requests and create an OU.
• C. Create a VPC peering connection between the master account and the secondary accounts. Accept the request for the VPC peering connection.
• D. Create a service control policy (SCP) that enables full EC2 access, and attach the policy to the OU.
• E. Create a full EC2 access policy and map the policy to a role in each account. Trust every other account to assume the role.

选AD 还是 AE 好，D中scp只划定可能最大权限，实际还是要看iam？