AWS Certified Advanced Networking – Specialty (ANS-C00) — Question 79

A company's network engineering team is solely responsible for deploying VPC infrastructure using AWS CloudFormation. The company wants to give its developers the ability to launch applications using CloudFormation templates so that subnets can be created using available CIDR ranges.
What should be done to meet these requirements?

Answer options

• A. Create a CloudFormation template with Amazon EC2 resources that rely on cfn-init and cfn-signals to inform the stack of available CIDR ranges.
• B. Create a CloudFormation template with a custom resource that analyzes traffic activity in VPC Flow Logs and reports on available CIDR ranges.
• C. Create a CloudFormation template that references the Fn::Cidr intrinsic function within a subnet resource to select an available CIDR range.
• D. Create a CloudFormation template with a custom resource that uses AWS Lambda and Amazon DynamoDB to manage available CIDR ranges.

Correct answer: C

Explanation

The correct answer is C because using the Fn::Cidr intrinsic function allows for dynamic selection of available CIDR ranges directly within the CloudFormation template. Options A and B do not provide a direct method for subnet creation using available CIDR ranges, while option D involves additional complexity with custom resources that are not necessary for this requirement.