
AWS Security Governance at Scale: Which AWS Services Automate Resource Provisioning and Orchestration?

How Do CloudFormation and Service Catalog Work for Resource Deployment?

Discover the key AWS services used for resource provisioning and orchestration. Understand how AWS CloudFormation provides the engine for Infrastructure as Code and how AWS Service Catalog offers a governed way to deploy pre-approved resources.

Question

Which AWS services are used to provision and orchestrate resources in their environment? (Select TWO.)

A. AWS Service Catalog
B. AWS Control Tower
C. AWS Organizations
D. AWS CloudFormation
E. Amazon CloudWatch

Answer

A. AWS Service Catalog
D. AWS CloudFormation

Explanation

The correct answers are A. AWS Service Catalog and D. AWS CloudFormation. These services are central to defining, provisioning, and orchestrating AWS resources in a standardized and automated manner.

D. AWS CloudFormation: This is the foundational Infrastructure as Code (IaC) service on AWS. It allows you to define a collection of related AWS resources in a template file (in JSON or YAML format). CloudFormation then reads this template and handles the provisioning and configuration of these resources in an orderly and predictable way. It orchestrates the entire lifecycle of the resource stack, including creation, updates, and deletion, managing dependencies between resources automatically.

A. AWS Service Catalog: This service provides a governance layer on top of provisioning tools like AWS CloudFormation. It enables administrators to create and manage catalogs of “products,” which are essentially pre-approved, standardized AWS CloudFormation templates. End-users, such as developers, can then browse this catalog and provision the resources they need with a single click, without needing to interact with or understand the underlying template. Service Catalog orchestrates the deployment through this governed, self-service model.

Incorrect Options

B. AWS Control Tower: This service orchestrates the creation and governance of a multi-account AWS environment (a landing zone), not the specific application resources within those accounts. It uses CloudFormation in the background to set up accounts and guardrails but is not the tool used for general resource provisioning by developers.

C. AWS Organizations: This is a service for centrally managing and governing accounts. It applies security and spending policies at the account level but does not provision or orchestrate resources like EC2 instances or databases within them.

E. Amazon CloudWatch: This is a monitoring and observability service. It collects metrics, logs, and events to provide insight into the performance and health of resources, but it is not used to provision or create them.
