No Result
View All Result
IT Quesion Library
Contribute
No Result
View All Result
No Result
View All Result

A company is migrating its applications to AWS. The applications will be deployed to AWS accounts owned by business units. The company has several teams of developers who are responsible for the development and maintenance of all applications. The company is expecting rapid growth in the number of users. The company's chief technology officer has the following requirements: ✑ Developers must launch the AWS infrastructure using AWS CloudFormation. Developers must…

QuestionsCategory: SAP-C01A company is migrating its applications to AWS. The applications will be deployed to AWS accounts owned by business units. The company has several teams of developers who are responsible for the development and maintenance of all applications. The company is expecting rapid growth in the number of users. The company's chief technology officer has the following requirements: ✑ Developers must launch the AWS infrastructure using AWS CloudFormation. Developers must…
0 Vote Up Vote Down
Admin Staff asked 3 months ago 
A company is migrating its applications to AWS. The applications will be deployed to AWS accounts owned by business units. The company has several teams of developers who are responsible for the development and maintenance of all applications. The company is expecting rapid growth in the number of users.
The company's chief technology officer has the following requirements:
✑ Developers must launch the AWS infrastructure using AWS CloudFormation.
Developers must not be able to create resources outside of CloudFormation.
 Image
✑ The solution must be able to scale to hundreds of AWS accounts.
Which of the following would meet these requirements? (Choose two.)

A. Using CloudFormation, create an IAM role that can be assumed by CloudFormation that has permissions to create all the resources the company needs. Use CloudFormation StackSets to deploy this template to each AWS account.

B. In a central account, create an IAM role that can be assumed by developers, and attach a policy that allows interaction with CloudFormation. Modify the AssumeRolePolicyDocument action to allow the IAM role to be passed to CloudFormation.

C. Using CloudFormation, create an IAM role that can be assumed by developers, and attach policies that allow interaction with and passing a role to CloudFormation. Attach an inline policy to deny access to all other AWS services. Use CloudFormation StackSets to deploy this template to each AWS account.

D. Using CloudFormation, create an IAM role for each developer, and attach policies that allow interaction with CloudFormation. Use CloudFormation StackSets to deploy this template to each AWS account.

E. In a central AWS account, create an IAM role that can be assumed by CloudFormation that has permissions to create the resources the company requires. Create a CloudFormation stack policy that allows the IAM role to manage resources. Use CloudFormation StackSets to deploy the CloudFormation stack policy to each AWS account.






 

Suggested Answer: CE

Community Answer: AC

Reference:
https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html


This question is in SAP-C01 AWS Certified Solutions Architect – Professional Exam
For getting AWS Certified Solutions Architect – Professional Certificate



Disclaimers:
The website is not related to, affiliated with, endorsed or authorized by Amazon.
Trademarks, certification & product names are used for reference only and belong to Amazon.
The website does not contain actual questions and answers from Amazon's Certification Exam.
Question Tags:

Related Questions

Recommended

No Result
View All Result

Welcome Back!

Login to your account below

Forgotten Password? Sign Up

Create New Account!

Fill the forms below to register

All fields are required. Log In

Retrieve your password

Please enter your username or email address to reset your password.

Log In