A company is migrating its applications to AWS. The applications will be deployed to AWS accounts owned by business units. The company has several teams of developers who are responsible for the development and maintenance of all applications. The company is expecting rapid growth in the number of users. The company's chief technology officer has the following requirements: Developers must launch the AWS infrastructure using AWS CloudFormation. Developers must not be able to create resources outside of CloudFormation. The solution must be able to scale to hundreds of AWS accounts. Which of the following would meet these requirements? (Choose two.)
A) Using CloudFormation, create an IAM role that can be assumed by CloudFormation that has permissions to create all the resources the company needs. Use CloudFormation StackSets to deploy this template to each AWS account.
B) In a central account, create an IAM role that can be assumed by developers, and attach a policy that allows interaction with CloudFormation. Modify the AssumeRolePolicyDocument action to allow the IAM role to be passed to CloudFormation.
C) Using CloudFormation, create an IAM role that can be assumed by developers, and attach policies that allow interaction with and passing a role to CloudFormation. Attach an inline policy to deny access to all other AWS services. Use CloudFormation StackSets to deploy this template to each AWS account.
D) Using CloudFormation, create an IAM role for each developer, and attach policies that allow interaction with CloudFormation. Use CloudFormation StackSets to deploy this template to each AWS account.
E) In a central AWS account, create an IAM role that can be assumed by CloudFormation that has permissions to create the resources the company requires. Create a CloudFormation stack policy that allows the IAM role to manage resources. Use CloudFormation StackSets to deploy the CloudFormation stack policy to each AWS account.
Correct Answer:
Verified
Q818: In Amazon ElastiCache replication groups of Redis,
Q819: A company is running a legacy application
Q820: A company is using an existing orchestration
Q821: A company that provisions job boards for
Q822: A company is currently using AWS CodeCommit
Q824: In Amazon RDS for PostgreSQL, you can
Q825: A company is manually deploying its application
Q826: Which of the following statements is NOT
Q827: A company has a policy that all
Q828: Regarding Amazon SNS, you can send notification
Unlock this Answer For Free Now!
View this answer and more for free by performing one of the following actions
Scan the QR code to install the App and get 2 free unlocks
Unlock quizzes for free by uploading documents