AWS Certified SysOps Administrator – Associate (legacy) — Question 891

A company with dozens of AWS accounts wants to ensure that governance rules are being applied across all accounts. The CIO has recommended that AWS
Config rules be deployed using an AWS CloudFormation template. How should these requirements be met?

Answer options

• A. Create a CloudFormation stack set, then select the CloudFormation template and use it to configure the AWS accounts
• B. Write a script that iterates over the company's AWS accounts and executes the CloudFormation template in each account
• C. Use AWS Organizations to execute the CloudFormation template in all accounts
• D. Create a CloudFormation stack in the master account of AWS Organizations and execute the CloudFormation template to create AWS Config rules in all accounts

Correct answer: A

Explanation

AWS CloudFormation StackSets allow administrators to deploy CloudFormation templates across multiple AWS accounts and Regions in a single operation, making it the ideal tool for this scenario. While scripting or using AWS Organizations directly might seem possible, StackSets is the native, built-in feature designed specifically for multi-account CloudFormation deployments. Creating a standard stack in the management account only deploys resources within that specific account, not across the member accounts.