AWS Certified SysOps Administrator – Associate — Question 96

A company uses AWS Organizations to manage multiple AWS accounts. The company’s SysOps team has been using a manual process to create and manage IAM roles. The team requires an automated solution to create and manage the necessary IAM roles for multiple AWS accounts.

What is the MOST operationally efficient solution that meets these requirements?

Answer options

• A. Create AWS CloudFormation templates. Reuse the templates to create the necessary IAM roles in each of the AWS accounts.
• B. Use AWS Directory Service with AWS Organizations to automatically associate the necessary IAM roles with Microsoft Active Directory users.
• C. Use AWS Resource Access Manager with AWS Organizations to deploy and manage shared resources across the AWS accounts.
• D. Use AWS CloudFormation StackSets with AWS Organizations to deploy and manage IAM roles for the AWS accounts.

Correct answer: D

Explanation

The correct answer is D because AWS CloudFormation StackSets allows for the deployment of CloudFormation templates across multiple accounts and regions, making it the most efficient way to automate IAM role management. Option A, while useful, requires manual template reuse for each account, and options B and C do not address the direct requirement of managing IAM roles specifically.