AWS Certified Solutions Architect – Professional — Question 441
A company is using AWS Organizations to manage multiple AWS accounts. For security purposes, the company requires the creation of an Amazon Simple
Notification Service (Amazon SNS) topic that enables integration with a third-party alerting system in all the Organizations member accounts.
A solutions architect used an AWS CloudFormation template to create the SNS topic and stack sets to automate the deployment of CloudFormation stacks.
Trusted access has been enabled in Organizations.
What should the solutions architect do to deploy the CloudFormation StackSets in all AWS accounts?
Answer options
- A. Create a stack set in the Organizations member accounts. Use service-managed permissions. Set deployment options to deploy to an organization. Use CloudFormation StackSets drift detection.
- B. Create stacks in the Organizations member accounts. Use self-service permissions. Set deployment options to deploy to an organization. Enable the CloudFormation StackSets automatic deployment.
- C. Create a stack set in the Organizations master account. Use service-managed permissions. Set deployment options to deploy to the organization. Enable CloudFormation StackSets automatic deployment.
- D. Create stacks in the Organizations master account. Use service-managed permissions. Set deployment options to deploy to the organization. Enable CloudFormation StackSets drift detection.
Correct answer: C
Explanation
To deploy resources across an entire AWS Organization automatically, the StackSet must be configured from the management (master) account using service-managed permissions, which utilizes the trusted access already enabled. Enabling automatic deployment ensures that any newly created or added member accounts in the organization will automatically receive the SNS topic deployment. Other options either attempt to deploy from member accounts, use individual stacks instead of StackSets, or fail to enable the automatic deployment feature required for seamless scaling.