AWS Certified SysOps Administrator – Associate — Question 282

A company needs to deploy instances of an application and associated infrastructure to multiple AWS Regions. The company wants to use a single AWS CloudFormation template to achieve this goal. The company uses AWS Organizations and wants to administer and run this template from a central administration account.

What should a SysOps administrator do to meet these requirements?

Answer options

• A. Create a CloudFormation template that is stored in Amazon S3. Configure Cross-Region Replication (CRR) on the S3 bucket. Reference the required accounts and remote Regions in the input template parameters.
• B. In the central administration account, create a CloudFormation primary template that loads CloudFormation nested stacks from Amazon S3 buckets in the target Regions.
• C. Create CloudFormation nested stacks by using a primary template in the central administration account. Configure the required accounts and Regions for deployment of the nested stacks.
• D. Create a CloudFormation stack set that includes service-managed permissions. Deploy the stack set into the required accounts and Regions from the central administration account.

Correct answer: D

Explanation

AWS CloudFormation StackSets allow you to deploy stacks across multiple AWS accounts and Regions from a central location using a single template. By choosing service-managed permissions, the StackSet integrates directly with AWS Organizations, making it the correct service for central administration across multiple accounts and regions. Nested stacks and standard templates do not natively support cross-account and cross-region deployments in this manner.