AWS Certified DevOps Engineer – Professional — Question 46

A DevOps engineer used an AWS CloudFormation custom resource to set up AD Connector. The AWS Lambda function executed and created AD Connector, but
CloudFormation is not transitioning from CREATE_IN_PROGRESS to CREATE_COMPLETE.
Which action should the engineer take to resolve this issue?

Answer options

• A. Ensure the Lambda function code has exited successfully.
• B. Ensure the Lambda function code returns a response to the pre-signed URL.
• C. Ensure the Lambda function IAM role has cloudformation:UpdateStack permissions for the stack ARN.
• D. Ensure the Lambda function IAM role has ds:ConnectDirectory permissions for the AWS account.

Correct answer: B

Explanation

The correct answer is B because the Lambda function must return a response to the pre-signed URL for CloudFormation to transition to CREATE_COMPLETE. Option A is incorrect because even if the function exits successfully, it must still communicate with CloudFormation. Option C is not relevant to this issue, as the required permissions for updating the stack are not the cause of the transition problem. Option D is also not applicable, as ds:ConnectDirectory permissions do not affect the response to CloudFormation.