AWS Certified CloudOps Engineer Associate SOA-C03 Practice Question
A CloudOps engineer must ensure that a new IAM role and a set of required AWS Config rules are deployed to every account in the company's AWS Organization. The resources must exist in us-east-1 and eu-west-1, and they must also be automatically provisioned when new member accounts are created. The engineer wants the simplest solution with minimal ongoing maintenance. Which approach meets these requirements?
Add the IAM role and Config rules to an AWS Resource Access Manager (RAM) resource share, share it with the organization, and enable automatic sharing with new accounts.
Create a CloudFormation StackSet with service-managed permissions, target the organization's root, enable automatic deployments to new accounts, and specify us-east-1 and eu-west-1 as deployment Regions.
Create a CloudFormation StackSet with self-managed permissions, manually create the required execution roles in each account and Region, and deploy the stack set.
Store the CloudFormation template in an S3 bucket, grant cross-account access, and configure a CodeBuild project in each account and Region to run the template when an EventBridge rule detects a new account.
CloudFormation StackSets with service-managed permissions integrate directly with AWS Organizations. By targeting the organization's root, the engineer can specify automatic deployment so that any new account is provisioned without manual intervention. The stack set can be configured to deploy concurrently to multiple Regions, meeting the us-east-1 and eu-west-1 requirement. Self-managed StackSets require the creation and upkeep of execution roles in every account and Region, increasing operational overhead. CodeBuild solutions would need custom pipelines in each account, while AWS RAM cannot share IAM roles or Config rules because those resource types are not supported. Therefore, using a service-managed CloudFormation StackSet is the most operationally efficient option.
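The configuration described above, written as an added example (not part of the original question or AWS's own sample) using the `AWS::CloudFormation::StackSet` resource deployed from the management account. The stack set name, role name, chosen Config rule and `OrgRootId` parameter are hypothetical. It assumes trusted access between StackSets and AWS Organizations is already enabled and that a Config recorder runs in each target Region. Because IAM is global, the inner template creates the role from one Region only.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: "Added example: org-wide baseline via a service-managed StackSet"
Parameters:
  OrgRootId:
    Type: String   # your organization's root ID (r-...), supplied at deploy time
Resources:
  BaselineStackSet:
    Type: AWS::CloudFormation::StackSet
    Properties:
      StackSetName: org-baseline              # hypothetical name
      PermissionModel: SERVICE_MANAGED        # Organizations integration manages execution roles
      AutoDeployment:
        Enabled: true                         # accounts that join the target later get the stack
        RetainStacksOnAccountRemoval: false
      Capabilities: [CAPABILITY_NAMED_IAM]    # inner template creates a named IAM role
      OperationPreferences:
        RegionConcurrencyType: PARALLEL       # deploy both Regions concurrently
      StackInstancesGroup:
        - DeploymentTargets:
            OrganizationalUnitIds: [!Ref OrgRootId]   # targeting the root covers every OU
          Regions: [us-east-1, eu-west-1]
      TemplateBody: |
        AWSTemplateFormatVersion: "2010-09-09"
        Conditions:
          # IAM roles are global: create it in one Region only, otherwise the
          # second Region's stack fails with a role-name conflict.
          IsHomeRegion: !Equals [!Ref "AWS::Region", us-east-1]
        Resources:
          AuditRole:
            Type: AWS::IAM::Role
            Condition: IsHomeRegion
            Properties:
              RoleName: OrgAuditReadOnly      # hypothetical role
              AssumeRolePolicyDocument:
                Version: "2012-10-17"
                Statement:
                  - Effect: Allow
                    Principal: { AWS: !Sub "arn:aws:iam::${AWS::AccountId}:root" }
                    Action: sts:AssumeRole
              ManagedPolicyArns: [arn:aws:iam::aws:policy/SecurityAudit]
          EncryptedVolumesRule:
            Type: AWS::Config::ConfigRule     # regional: evaluated separately in each Region
            Properties:
              ConfigRuleName: encrypted-volumes
              Source: { Owner: AWS, SourceIdentifier: ENCRYPTED_VOLUMES }
```

Service-managed stack sets do not create stack instances in the management account itself, so that account needs the baseline deployed separately.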
AWS Certified CloudOps Engineer Associate SOA-C03
Deployment, Provisioning, and Automation