Question
A company needs to deploy instances of an application and associated infrastructure to multiple AWS Regions. The company wants to use a single AWS CloudFormation template to achieve this goal. The company uses AWS Organizations and wants to administer and run this template from a central administration account. What should a SysOps administrator do to meet these requirements?
A. Create a CloudFormation template that is stored in Amazon S3. Configure Cross-Region Replication (CRR) on the S3 bucket. Reference the required accounts and remote Regions in the input template parameters.
B. In the central administration account, create a CloudFormation primary template that loads CloudFormation nested stacks from Amazon S3 buckets in the target Regions.
C. Create CloudFormation nested stacks by using a primary template in the central administration account. Configure the required accounts and Regions for deployment of the nested stacks.
D. Create a CloudFormation stack set that includes service-managed permissions. Deploy the stack set into the required accounts and Regions from the central administration account.
Answer
D. Create a CloudFormation stack set that includes service-managed permissions. Deploy the stack set into the required accounts and Regions from the central administration account.
Explanation
The correct answer is D. Create a CloudFormation stack set that includes service-managed permissions. Deploy the stack set into the required accounts and Regions from the central administration account.
AWS CloudFormation is a service that enables you to create and manage AWS resources using templates. A CloudFormation template is a JSON or YAML file that describes the resources and their properties that you want to provision. You can use CloudFormation to automate and simplify the deployment and management of your AWS infrastructure.
A CloudFormation stack is a collection of AWS resources that are created and managed as a single unit using a CloudFormation template. You can create, update, or delete a stack using the AWS Management Console, AWS CLI, or AWS SDKs.
A CloudFormation stack set is an extension of a stack that allows you to create, update, or delete stacks across multiple accounts and Regions with a single operation. You can use a stack set to centrally manage common resources and ensure consistent configuration across your AWS environment.
To use a stack set, you need to have an administrator account and one or more target accounts. The administrator account is the one where you create and manage the stack set. The target accounts are the ones where you want to deploy the stacks. You also need to have permissions to perform stack set operations in both the administrator and target accounts. You can use service-managed permissions or self-managed permissions to grant these permissions. Service-managed permissions are easier to use, as they allow AWS CloudFormation to automatically create IAM roles and policies for you. Self-managed permissions require you to manually create and maintain IAM roles and policies for each account.
To create a stack set, you need to specify the template that you want to use, the accounts and Regions where you want to deploy the stacks, the parameters and tags that you want to apply to the stacks, and the deployment options that you want to use, such as concurrency and failure tolerance. You can then create stack instances, which are references to stacks in target accounts and Regions that belong to a stack set. You can monitor the status and progress of your stack instances using the AWS Management Console, AWS CLI, or AWS SDKs.
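The two requests described above, as an added example that is not part of the original page: Python helpers that build the arguments for boto3's `create_stack_set` and `create_stack_instances` and reject targets or concurrency settings that do not fit the chosen permission model. The helper names, stack set name, template and OU ID are constructed for illustration.

```python
import re

# ID formats for Organizations OUs/roots and for AWS accounts.
OU_ID = re.compile(r"^(ou-[a-z0-9]{4,32}-[a-z0-9]{8,32}|r-[a-z0-9]{4,32})$")
ACCOUNT_ID = re.compile(r"^\d{12}$")


def stack_set_request(name, template_body, model="SERVICE_MANAGED", call_as="SELF"):
    """Build kwargs for cloudformation.create_stack_set()."""
    if model not in ("SERVICE_MANAGED", "SELF_MANAGED"):
        raise ValueError(f"unknown permission model: {model}")
    req = {"StackSetName": name, "TemplateBody": template_body,
           "PermissionModel": model}
    if model == "SERVICE_MANAGED":
        # StackSets creates the IAM roles; accounts joining a target OU get the stack.
        req["AutoDeployment"] = {"Enabled": True, "RetainStacksOnAccountRemoval": False}
        req["CallAs"] = call_as  # "SELF" or "DELEGATED_ADMIN"
    return req


def stack_instances_request(name, regions, model, targets, call_as="SELF",
                            failure_tolerance=0, max_concurrent=1):
    """Build kwargs for cloudformation.create_stack_instances()."""
    # Under strict failure tolerance (the default) concurrency is capped.
    if max_concurrent > failure_tolerance + 1:
        raise ValueError("MaxConcurrentCount must be <= FailureToleranceCount + 1")
    req = {"StackSetName": name, "Regions": list(regions),
           "OperationPreferences": {"RegionConcurrencyType": "SEQUENTIAL",
                                    "FailureToleranceCount": failure_tolerance,
                                    "MaxConcurrentCount": max_concurrent}}
    if model == "SERVICE_MANAGED":
        bad = [t for t in targets if not OU_ID.match(t)]
        if bad:
            raise ValueError(f"service-managed targets must be OU or root IDs: {bad}")
        req["DeploymentTargets"] = {"OrganizationalUnitIds": list(targets)}
        req["CallAs"] = call_as
    else:
        bad = [t for t in targets if not ACCOUNT_ID.match(t)]
        if bad:
            raise ValueError(f"self-managed targets must be account IDs: {bad}")
        req["Accounts"] = list(targets)
    return req


# Constructed sample values; send with client.create_stack_set(**SET_REQ) etc.
TEMPLATE = "Resources:\n  Topic:\n    Type: AWS::SNS::Topic\n"
SET_REQ = stack_set_request("app-baseline", TEMPLATE)
INSTANCES_REQ = stack_instances_request(
    "app-baseline", ["us-east-1", "eu-west-1"], "SERVICE_MANAGED", ["ou-ab12-cdefgh34"])
```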
By using a stack set, you can deploy instances of an application and associated infrastructure to multiple AWS Regions using a single CloudFormation template. This solution meets the requirements of the company, as it allows them to administer and run the template from a central administration account in AWS Organizations. This solution is also the most operationally efficient one, as it does not require them to use any additional services or tools. It also leverages the existing functionality and scalability of AWS CloudFormation and CloudFormation stack sets.
The other options are not correct for the following reasons:
A. Create a CloudFormation template that is stored in Amazon S3. Configure Cross-Region Replication (CRR) on the S3 bucket. Reference the required accounts and remote Regions in the input template parameters.
This option is not correct, as it does not allow them to deploy stacks across multiple accounts and Regions with a single operation. It also does not leverage the existing functionality and scalability of CloudFormation stack sets.
B. In the central administration account, create a CloudFormation primary template that loads CloudFormation nested stacks from Amazon S3 buckets in the target Regions.
This option is not correct, as it does not allow them to deploy stacks across multiple accounts with a single operation. It also does not leverage the existing functionality and scalability of CloudFormation stack sets.
C. Create CloudFormation nested stacks by using a primary template in the central administration account. Configure the required accounts and Regions for deployment of the nested stacks.
This option is not correct, as it does not allow them to deploy stacks across multiple accounts and Regions with a single operation. It also does not leverage the existing functionality and scalability of CloudFormation stack sets.