AWS Certified SysOps Administrator – Associate — Question 322
A company has 50 AWS accounts and wants to create an identical Amazon VPC in each account. Any changes the company makes to the VPCs in the future must be implemented on every VPC.
What is the MOST operationally efficient method to deploy and update the VPCs in each account?
Answer options
- A. Create an AWS CloudFormation template that defines the VPC. Sign in to the AWS Management Console under each account. Create a stack from the template.
- B. Create a shell script that configures the VPC using the AWS CLI. Provide a list of accounts to the shell script from a text file. Create the VPC in every account in the list.
- C. Create an AWS Lambda function that configures the VPC. Store the account information in Amazon DynamoDB. Grant Lambda access to the DynamoDB table. Create the VPC in every account in the list.
- D. Create an AWS CloudFormation template that defines the VPC. Create an AWS CloudFormation StackSet based on the template. Deploy the template to all accounts using the stack set.
Correct answer: D
Explanation
AWS CloudFormation StackSets allow you to deploy, update, or delete stacks across multiple AWS accounts and Regions in a single operation, which makes a stack set the most operationally efficient solution. Manual deployment per account (Option A) is highly inefficient and prone to errors at this scale. Custom scripting with the AWS CLI (Option B) or AWS Lambda (Option C) requires significant development, testing, and maintenance overhead compared to using native StackSets.