AWS Certified SysOps Administrator – Associate — Question 413

A SysOps administrator has successfully deployed a VPC with an AWS CloudFormation template. The SysOps administrator wants to deploy the same template across multiple accounts that are managed through AWS Organizations.
Which solution will meet this requirement with the LEAST operational overhead?

Answer options

• A. Assume the OrganizationAccountAccessRole IAM role from the management account. Deploy the template in each of the accounts.
• B. Create an AWS Lambda function to assume a role in each account. Deploy the template by using the AWS CloudFormation CreateStack API call.
• C. Create an AWS Lambda function to query for a list of accounts. Deploy the template by using the AWS CloudFormation CreateStack API call.
• D. Use AWS CloudFormation StackSets from the management account to deploy the template in each of the accounts.

Correct answer: D

Explanation

AWS CloudFormation StackSets is designed specifically to deploy CloudFormation templates across multiple AWS accounts and regions from a central account, making it the solution with the least operational overhead. Manually deploying the template by assuming roles in each account or writing custom AWS Lambda functions to orchestrate the CreateStack API calls introduces unnecessary administrative complexity and maintenance overhead.