AWS Certified DevOps Engineer – Professional (DOP-C02) — Question 117

A DevOps engineer used an AWS CloudFormation custom resource to set up AD Connector. The AWS Lambda function ran and created AD Connector, but CloudFormation is not transitioning from CREATE_IN_PROGRESS to CREATE_COMPLETE.

Which action should the engineer take to resolve this issue?

Answer options

• A. Ensure the Lambda function code has exited successfully.
• B. Ensure the Lambda function code returns a response to the pre-signed URL.
• C. Ensure the Lambda function IAM role has cloudformation:UpdateStack permissions for the stack ARN.
• D. Ensure the Lambda function IAM role has ds:ConnectDirectory permissions for the AWS account.

Correct answer: B

Explanation

The correct action is to ensure the Lambda function code returns a response to the pre-signed URL, as this is necessary for CloudFormation to transition to CREATE_COMPLETE. If the Lambda function code has not exited successfully or does not send a response, CloudFormation will remain in the CREATE_IN_PROGRESS state. Additionally, permissions related to cloudformation:UpdateStack or ds:ConnectDirectory are not directly related to the completion of the Lambda function's execution in this context.