AWS Certified Solutions Architect – Professional (SAP-C02) — Question 36
A company is using AWS Organizations to manage multiple AWS accounts. For security purposes, the company requires the creation of an Amazon Simple Notification Service (Amazon SNS) topic that enables integration with a third-party alerting system in all the Organizations member accounts.
A solutions architect used an AWS CloudFormation template to create the SNS topic and stack sets to automate the deployment of CloudFormation stacks. Trusted access has been enabled in Organizations.
What should the solutions architect do to deploy the CloudFormation StackSets in all AWS accounts?
Answer options
- A. Create a stack set in the Organizations member accounts. Use service-managed permissions. Set deployment options to deploy to an organization. Use CloudFormation StackSets drift detection.
- B. Create stacks in the Organizations member accounts. Use self-service permissions. Set deployment options to deploy to an organization. Enable the CloudFormation StackSets automatic deployment.
- C. Create a stack set in the Organizations management account. Use service-managed permissions. Set deployment options to deploy to the organization. Enable CloudFormation StackSets automatic deployment.
- D. Create stacks in the Organizations management account. Use service-managed permissions. Set deployment options to deploy to the organization. Enable CloudFormation StackSets drift detection.
Correct answer: C
Explanation
The correct answer is C because creating a stack set in the management account enables deployment across all member accounts using service-managed permissions, which is the recommended approach for AWS Organizations. Options A and B are incorrect because they create the stack set or stacks in member accounts rather than in the management account, which does not utilize the benefits of StackSets. Option D is incorrect because it refers to stacks instead of stack sets; stacks do not provide the same organizational deployment capabilities.