AWS Certified CloudOps Engineer Associate SOA-C03 Practice Question
A company uses AWS Organizations and has a dedicated shared-services account operated by the network team. The team must deploy the same VPC CloudFormation template to all existing and future member accounts in us-east-1 and us-west-2. Operations leadership requires that:
The network team manages the deployments from the shared-services account only.
Stacks are automatically created in any new account that joins the organization.
Which approach meets these requirements while following AWS best practices?
Create a CloudFormation StackSet with self-managed permissions, manually create the required IAM roles in every member account, and run a scheduled script to add new accounts to the StackSet when they appear.
Create a CloudFormation StackSet in the management account using service-managed permissions, designate the shared-services account as a delegated administrator, target the appropriate OU, and enable automatic deployments to us-east-1 and us-west-2.
Implement AWS CDK pipelines configured in each member account that trigger on AWS Control Tower lifecycle events to deploy the VPC stack to both Regions.
In the shared-services account, deploy individual CloudFormation stacks in each Region and share the VPC subnets to member accounts with AWS Resource Access Manager.
CloudFormation StackSets with service-managed permissions integrate directly with AWS Organizations. By registering the shared-services account as a delegated administrator, the network team can create and manage StackSets without access to the management or member accounts. Targeting an OU and enabling automatic deployments causes stacks to be created in every existing account in the OU and in any future accounts as they are added. The StackSet automatically handles deployment to the specified Regions (us-east-1 and us-west-2).
The other options fall short:
Self-managed StackSets require an IAM administration role in every account and do not automatically include new accounts, so manual scripting would be needed.
Creating individual stacks and sharing resources through AWS RAM does not satisfy the requirement for automatic deployment to future accounts and adds operational overhead.
Separate CDK pipelines in each account introduce unnecessary complexity and still require onboarding for future accounts; they also fail to centralize management in the shared-services account.
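The service-managed configuration from the explanation, written out as boto3 request parameters with a check that an existing StackSet still meets the stated requirements. This is an added example, not part of the original question. The function names, the StackSet name and the OU ID passed in are hypothetical, and it assumes the management account has already activated trusted access for StackSets and registered the shared-services account as a delegated administrator.

```python
REGIONS = ("us-east-1", "us-west-2")


def stack_set_request(name, template_body):
    """kwargs for cloudformation.create_stack_set, called from shared-services."""
    return {
        "StackSetName": name,
        "TemplateBody": template_body,
        "PermissionModel": "SERVICE_MANAGED",  # Organizations provisions the roles
        "AutoDeployment": {"Enabled": True,    # accounts joining the OU get stacks
                           # Assumption: delete stacks when an account leaves.
                           "RetainStacksOnAccountRemoval": False},
        "CallAs": "DELEGATED_ADMIN",           # caller is not the management account
    }


def stack_instances_request(name, ou_ids, regions=REGIONS):
    """kwargs for cloudformation.create_stack_instances."""
    return {
        "StackSetName": name,
        "DeploymentTargets": {"OrganizationalUnitIds": list(ou_ids)},
        "Regions": list(regions),
        "CallAs": "DELEGATED_ADMIN",
    }


def audit_stack_set(stack_set, regions=REGIONS):
    """Check the 'StackSet' dict from describe_stack_set against the requirements."""
    findings = []
    if stack_set.get("PermissionModel") != "SERVICE_MANAGED":
        findings.append("permission model is not SERVICE_MANAGED")
    if not stack_set.get("AutoDeployment", {}).get("Enabled"):
        findings.append("automatic deployment is disabled")
    if not stack_set.get("OrganizationalUnitIds"):
        findings.append("no OU is targeted")
    missing = sorted(set(regions) - set(stack_set.get("Regions", [])))
    if missing:
        findings.append("missing Regions: " + ", ".join(missing))
    return findings


def deploy(name, template_body, ou_ids):
    """Create the StackSet and its OU-targeted instances (needs AWS credentials)."""
    import boto3  # lazy import: the builders and audit above run offline
    cfn = boto3.client("cloudformation", region_name="us-east-1")
    cfn.create_stack_set(**stack_set_request(name, template_body))
    return cfn.create_stack_instances(**stack_instances_request(name, ou_ids))
```

Running `audit_stack_set` on the `StackSet` element returned by `describe_stack_set` (also called with `CallAs="DELEGATED_ADMIN"`) shows whether someone has switched off automatic deployment or dropped a Region since the StackSet was created.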
AWS Certified CloudOps Engineer Associate SOA-C03
Deployment, Provisioning, and Automation