AWS Certified CloudOps Engineer Associate SOA-C03 Practice Question
A company uses AWS CloudFormation to deploy a new stack. The template creates several IAM roles with fixed names and attaches them to a Lambda function. Deployment fails immediately with the message: "Resource of type 'AWSIAMRole' with name 'audit-role' may not be created." What is the MOST appropriate way to remediate the failure and deploy the stack successfully?
Convert the template into a nested stack to isolate IAM resources.
Re-launch the stack and specify the CAPABILITY_NAMED_IAM capability.
Enable termination protection on the stack before redeploying.
Add a DependsOn attribute so the Lambda function is created after the IAM role.
CloudFormation blocks the creation or replacement of explicitly named IAM roles, users, or groups unless the caller acknowledges the risk. Passing the CAPABILITY_NAMED_IAM flag (through the console checkbox or the --capabilities parameter in the CLI) tells CloudFormation that the operator is aware the template will create or replace specific IAM identities. Adding DependsOn, enabling termination protection, or restructuring the template does not resolve the permission validation error; the stack will continue to fail during the IAM resource creation phase until CAPABILITY_NAMED_IAM is supplied.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What does CAPABILITY_NAMED_IAM mean in CloudFormation?
Open an interactive chat with Bash
Why does CloudFormation block creation of named IAM resources without CAPABILITY_NAMED_IAM?
Open an interactive chat with Bash
How do you pass CAPABILITY_NAMED_IAM using the AWS CLI?
Open an interactive chat with Bash
What is the CAPABILITY_NAMED_IAM flag?
Open an interactive chat with Bash
Why does CloudFormation block explicitly named IAM resources without CAPABILITY_NAMED_IAM?
Open an interactive chat with Bash
How do you specify CAPABILITY_NAMED_IAM in CloudFormation?
Open an interactive chat with Bash
AWS Certified CloudOps Engineer Associate SOA-C03
Deployment, Provisioning, and Automation
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99
$19.99/mo
Billed monthly, Cancel any time.
3 Month Pass
$44.99
$14.99/mo
One time purchase of $44.99, Does not auto-renew.
MOST POPULAR
Annual Pass
$119.99
$9.99/mo
One time purchase of $119.99, Does not auto-renew.
BEST DEAL
Lifetime Pass
$189.99
One time purchase, Good for life.
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .