ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified DevOps Engineer - Professional DOP-C02 All Questions

View all questions & answers for the AWS Certified DevOps Engineer - Professional DOP-C02 exam
Go to Exam

Exam AWS Certified DevOps Engineer - Professional DOP-C02 topic 1 question 336 discussion

Exam question from Amazon's AWS Certified DevOps Engineer - Professional DOP-C02
Question #: 336
Topic #: 1
[All AWS Certified DevOps Engineer - Professional DOP-C02 Questions]

A company uses an organization in AWS Organizations to manage 10 AWS accounts. All features are enabled, and trusted access for AWS CloudFormation is enabled.

A DevOps engineer needs to use CloudFormation to deploy an IAM role to the Organizations management account and all member accounts in the organization.

Which solution will meet these requirements with the LEAST operational overhead?

  • A. Create a CloudFormation StackSet that has service-managed permissions. Set the root OU as a deployment target.
  • B. Create a CloudFormation StackSet that has service-managed permissions. Set the root OU as a deployment target. Deploy a separate CloudFormation stack in the Organizations management account.
  • C. Create a CloudFormation StackSet that has self-managed permissions. Set the root OU as a deployment target.
  • D. Create a CloudFormation StackSet that has self-managed permissions. Set the root OU as a deployment target. Deploy a separate CloudFormation stack in the Organizations management account.
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
by f4b18ba at Nov. 22, 2024, 11:31 p.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
CHRIS12722222
Highly Voted 6 months, 3 weeks ago
Selected Answer: B
https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/stacksets-orgs-associate-stackset-with-org.html#:~:text=StackSets%20doesn%27t%20deploy%20stack%20instances%20to%20the%20organization%27s%20management%20account%2C%20even%20if%20the%20management%20account%20is%20in%20your%20organization%20or%20in%20an%20OU%20in%20your%20organization Stackset cant deploy to management acct
upvoted 6 times
...
Srikantha
Most Recent 3 months, 2 weeks ago
Selected Answer: A
CloudFormation StackSets with service-managed permissions use AWS Organizations integration to automatically assume roles in target accounts — no manual role setup required. Setting the root OU as the deployment target means that the stack set will deploy to all existing and future accounts in the organization. You don’t need to separately deploy anything to the management account unless it must be treated differently (which is not mentioned here). This is the most hands-off, scalable approach — ideal for centrally managing IAM roles across all accounts in an organization.
upvoted 1 times
...
jojewi8143
5 months, 2 weeks ago
Selected Answer: B
Stackset cant deploy to management account.
upvoted 2 times
...
spring21
6 months, 4 weeks ago
Selected Answer: A
StackSets automatically generates the IAM roles required to deploy stack instances. You can create the IAM roles required by the AWS CloudFormation StackSets feature in the management account of AWS Organizations.
upvoted 2 times
spring21
6 months, 4 weeks ago
Service-managed permissions StackSets automatically generate the IAM roles required to deploy stack instances. You can create the IAM roles required by the AWS CloudFormation StackSets feature in the management account of AWS Organizations. You can also delegate the management of StackSets to member accounts.
upvoted 1 times
...
...
Impromptu
7 months, 3 weeks ago
Selected Answer: B
Should be B I think. A stackset with service-managed permissions does not deploy to the management account. "StackSets doesn't deploy stack instances to the organization's management account, even if the management account is in your organization or in an OU in your organization." https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/stacksets-getting-started-create.html#stacksets-orgs-associate-stackset-with-org
upvoted 3 times
...
Changwha
7 months, 3 weeks ago
Selected Answer: A
A. Create a CloudFormation StackSet that has service-managed permissions. Set the root OU as a deployment target.
upvoted 1 times
...
f4b18ba
7 months, 3 weeks ago
Selected Answer: A
Using service-managed permissions simplifies the deployment process because AWS manages the permissions required for deploying the StackSet. This reduces the complexity and effort involved in setting up and managing permissions manually. By setting the root Organizational Unit (OU) as the deployment target, the StackSet will automatically deploy the IAM role to all AWS accounts under the root OU, including both existing and future accounts. This ensures comprehensive and automatic coverage. Service-managed StackSets provide a streamlined and scalable solution, requiring minimal manual intervention and oversight, thus reducing operational overhead.
upvoted 3 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel