AWS Certified Solutions Architect – Professional — Question 988

A company has its cloud infrastructure on AWS. A solutions architect needs to define the infrastructure as code. The infrastructure is currently deployed in one
AWS Region. The company's business expansion plan includes deployments in multiple Regions across multiple AWS accounts.
What should the solutions architect do to meet these requirements?

Answer options

• A. Use AWS CloudFormation templates. Add IAM policies to control the various accounts. Deploy the templates across the multiple Regions.
• B. Use AWS Organizations. Deploy AWS CloudFormation templates from the management account. Use AWS Control Tower to manage deployments across accounts.
• C. Use AWS Organizations and AWS CloudFormation StackSets. Deploy a CloudFormation template from an account that has the necessary IAM permissions.
• D. Use nested stacks with AWS CloudFormation templates. Change the Region by using nested stacks.

Correct answer: C

Explanation

AWS CloudFormation StackSets, when integrated with AWS Organizations, is the native AWS service designed specifically to deploy CloudFormation templates across multiple AWS accounts and Regions simultaneously from a central administrator account. Option A is incorrect because manual deployment and IAM policy management do not scale efficiently across multiple accounts and regions. Option B and D are incorrect because AWS Control Tower is not the primary tool for template deployment, and nested stacks cannot deploy resources across different Regions or AWS accounts.