
AWS Certified SysOps Administrator Associate: Role of IAM Policies in AWS CloudFormation Template Deployment Failure

Learn how IAM policies can impact the creation of AWS CloudFormation stacks and buckets. Understand the two key factors that could cause stack creation failure and how to resolve them.


Question

A company has an AWS CloudFormation template that creates an Amazon S3 bucket. A user authenticates to the corporate AWS account with their Active Directory credentials and attempts to deploy the CloudFormation template. However, the stack creation fails.

Which factors could cause this failure? (Choose two.)

A. The user’s IAM policy does not allow the cloudformation:CreateStack action.
B. The user’s IAM policy does not allow the cloudformation:CreateStackSet action.
C. The user’s IAM policy does not allow the s3:CreateBucket action.
D. The user’s IAM policy explicitly denies the s3:ListBucket action.
E. The user’s IAM policy explicitly denies the s3:PutObject action.

Answer

A. The user’s IAM policy does not allow the cloudformation:CreateStack action.
C. The user’s IAM policy does not allow the s3:CreateBucket action.

Explanation

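If the user’s IAM policy does not allow the cloudformation:CreateStack action, the user cannot create the stack at all. If the policy does not allow the s3:CreateBucket action, the S3 bucket, which is a required resource for the stack, cannot be created. When no service role is specified for the stack, CloudFormation creates the stack’s resources with the permissions of the user who deploys it, so a missing permission on either action causes the stack creation to fail.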
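
The following is an added example, not part of the original page: a simplified identity-policy evaluator that checks each answer option against the two actions the answer identifies. The policy documents, the helper names and the assumption that only these two actions are required are constructed for illustration.

```python
from fnmatch import fnmatchcase

# Assumption taken from the page's answer: deploying this template requires
# these two actions on the user's identity policy (no service role in use).
REQUIRED = ("cloudformation:CreateStack", "s3:CreateBucket")

def decision(policy, action):
    """Simplified IAM evaluation: explicit Deny > Allow > implicit deny.
    Resources, conditions, SCPs and permission boundaries are ignored."""
    allowed = False
    for stmt in policy["Statement"]:
        patterns = stmt["Action"]
        if isinstance(patterns, str):
            patterns = [patterns]
        # IAM action names are case-insensitive and may contain wildcards.
        if any(fnmatchcase(action.lower(), p.lower()) for p in patterns):
            if stmt["Effect"] == "Deny":
                return "ExplicitDeny"
            allowed = True
    return "Allow" if allowed else "ImplicitDeny"

def blocked_actions(policy):
    """Required actions that the policy does not end up allowing."""
    return [a for a in REQUIRED if decision(policy, a) != "Allow"]

def make_policy(*statements):
    """Build a policy document from (effect, action-or-list) pairs."""
    return {"Version": "2012-10-17",
            "Statement": [{"Effect": e, "Action": a, "Resource": "*"}
                          for e, a in statements]}

# Constructed policies, one per answer option (A-E) in the question.
BOTH = ["cloudformation:CreateStack", "s3:CreateBucket"]
OPTIONS = {
    "A": make_policy(("Allow", ["cloudformation:Describe*", "s3:CreateBucket"])),
    "B": make_policy(("Allow", BOTH)),  # CreateStackSet is simply never granted
    "C": make_policy(("Allow", "cloudformation:*")),
    "D": make_policy(("Allow", BOTH), ("Deny", "s3:ListBucket")),
    "E": make_policy(("Allow", BOTH), ("Deny", "s3:PutObject")),
}

if __name__ == "__main__":
    for letter, doc in OPTIONS.items():
        print(letter, blocked_actions(doc) or "required actions allowed")
```

Against a real account, the same question can be asked of the actual attached policies with the IAM policy simulator (`aws iam simulate-principal-policy`).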
