Q39 — AWS DOP-C02 Ch.1
Question 39 of 100 | ← Chapter 1
A company wants to use AWS CloudFormation for infrastructure deployments. The company has strict tagging and resource requirements and wants to restrict deployments to a single Region. Developers will need to deploy multiple versions of the same application. Which solution ensures resources are deployed according to company policy?
- A. Create an AWS Trusted Advisor check to identify and remediate unauthorized CloudFormation StackSets.
- B. Create a CloudFormation drift detection operation to identify and remediate unauthorized CloudFormation StackSets.
- C. Create CloudFormation StackSets using approved CloudFormation templates.
- D. Create AWS Service Catalog products using approved CloudFormation templates. ✓
Correct Answer: D. Create AWS Service Catalog products using approved CloudFormation templates.
Explanation
AWS Service Catalog enables centralized governance of infrastructure deployments by packaging approved CloudFormation templates as versioned, auditable products. It enforces tagging policies, region restrictions, and resource constraints via portfolio constraints and product provisioning. Developers select from pre-approved versions, ensuring compliance while supporting multi-version application deployments. StackSets (Option C) are intended for multi-account, multi-Region deployments—not single-Region governance. Trusted Advisor (A) and drift detection (B) are monitoring tools, not deployment enforcement mechanisms.