AWS Certified CloudOps Engineer Associate SOA-C03 Practice Question
Your company's AWS Organization contains Dev and Prod organizational units (OUs) spanning us-east-1 and us-west-2. Operations must deploy the same CloudWatch alarm and metric filter stack to every account in those OUs and automatically roll it out to any new accounts that are added. The solution should minimize ongoing administration and support automatic rollback on failure. Which approach meets these requirements?
Create a CloudFormation StackSet that uses service-managed permissions, targets the Dev and Prod OUs, and specifies us-east-1 and us-west-2 as deployment Regions so that new accounts automatically receive the stack.
Use AWS Resource Access Manager to share the existing CloudWatch alarm and metric filter from a central account with the Dev and Prod OUs.
Store the template in an S3 bucket and configure an EventBridge rule that triggers a Lambda function on every CreateAccount event to assume a cross-account role and deploy the stack.
Publish the stack as an AWS Service Catalog product and instruct administrators in each account to launch the product in the required Regions.
CloudFormation StackSets with service-managed permissions are designed for centrally deploying stacks across multiple AWS accounts and Regions that are members of an AWS Organization. When you target one or more OUs, CloudFormation automatically creates or updates stacks in every existing account in the specified Regions. If a new account later joins the OU, the StackSet automatically deploys the stack to that account as well, and built-in stack rollback handles failed deployments. AWS RAM cannot share CloudWatch alarms because CloudWatch resources are not a supported shareable type. Service Catalog would require each account owner to launch the product manually, and a custom Lambda triggered by CreateAccount events adds more operational code to build and maintain. Therefore, using a CloudFormation StackSet with service-managed permissions and OU targets is the lowest-effort, fully automatic solution.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What are CloudFormation StackSets?
Open an interactive chat with Bash
What are service-managed permissions in CloudFormation StackSets?
Open an interactive chat with Bash
How do StackSets handle new accounts added to Organizational Units (OUs)?
Open an interactive chat with Bash
AWS Certified CloudOps Engineer Associate SOA-C03
Deployment, Provisioning, and Automation
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99
$19.99/mo
Billed monthly, Cancel any time.
3 Month Pass
$44.99
$14.99/mo
One time purchase of $44.99, Does not auto-renew.
MOST POPULAR
Annual Pass
$119.99
$9.99/mo
One time purchase of $119.99, Does not auto-renew.
BEST DEAL
Lifetime Pass
$189.99
One time purchase, Good for life.
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .