Q35 — AWS SAP-C02 Ch.1
Q110. A company has its cloud infrastructure on AWS. A solutions architect needs to define the infrastructure as code. The infrastructure is currently deployed in one AWS Region. The company's business expansion plan includes deployments in multiple Regions across multiple AWS accounts. What should the solutions architect do to meet these requirements?
- A. Use AWS CloudFormation templates. Add IAM policies to control the various accounts. Deploy the templates across the multiple Regions
- B. Use AWS Organizations. Deploy AWS CloudFormation templates from the management account. Use AWS Control Tower to manage deployments across accounts
- C. Use AWS Organizations and AWS CloudFormation StackSets. Deploy a CloudFormation template from an account that has the necessary IAM permissions ✓
- D. Use nested stacks with AWS CloudFormation templates. Change the Region by using nested stacks
Correct Answer: C. Use AWS Organizations and AWS CloudFormation StackSets. Deploy a CloudFormation template from an account that has the necessary IAM permissions
Explanation
To meet the requirements of defining infrastructure as code and deploying it across multiple AWS Regions and accounts, the solutions architect should recommend: C. Use AWS Organizations and AWS CloudFormation StackSets. Deploy a CloudFormation template from an account that has the necessary IAM permissions.

C. Use AWS Organizations and AWS CloudFormation StackSets: AWS Organizations provides centralized management and governance of multiple AWS accounts. AWS CloudFormation StackSets allow you to deploy CloudFormation stacks across multiple accounts and Regions simultaneously.

Deploy a CloudFormation template from an account that has the necessary IAM permissions: The solutions architect should set up an account with the appropriate IAM permissions to deploy the CloudFormation StackSet. This account can be part of the AWS Organization's management account or a dedicated account with the required permissions.

Option A is incorrect because although it suggests using AWS CloudFormation templates, it does not address the requirement of deploying across multiple AWS Regions and accounts. Additionally, it does not mention using AWS Organizations for centralized management.

Option B is incorrect because it suggests using AWS Organizations and deploying CloudFormation templates from the management account, but it does not mention the use of AWS CloudFormation StackSets for deploying across multiple Regions. AWS Control Tower is not directly related to deploying infrastructure as code.

Option D is incorrect because it suggests using nested stacks with AWS CloudFormation templates to change the Region. While nested stacks can be used for organizing and managing complex deployments, they do not provide a straightforward solution for deploying across multiple AWS Regions and accounts.

Therefore, the recommended approach is C: Use AWS Organizations and AWS CloudFormation StackSets to deploy a CloudFormation template from an account with the necessary IAM permissions.