Topic 1 Question 412
A solutions architect is preparing to deploy a new security tool into several previously unused AWS Regions. The solutions architect will deploy the tool by using an AWS CloudFormation stack set. The stack set's template contains an IAM role that has a custom name. Upon creation of the stack set, no stack instances are created successfully.
What should the solutions architect do to deploy the stacks successfully?
Enable the new Regions in all relevant accounts. Specify the CAPABILITY_NAMED_IAM capability during the creation of the stack set.
Use the Service Quotas console to request a quota increase for the number of CloudFormation stacks in each new Region in all relevant accounts. Specify the CAPABILITY_IAM capability during the creation of the stack set.
Specify the CAPABILITY_NAMED_IAM capability and the SELF_MANAGED permissions model during the creation of the stack set.
Specify an administration role ARN and the CAPABILITY_IAM capability during the creation of the stack set.
ユーザの投票
コメント(7)
- 正解だと思う選択肢: A
Some stack templates might include resources that can affect permissions in your AWS account; for example, by creating new AWS Identity and Access Management (IAM) users. For those stacks, you must explicitly acknowledge this by specifying one of these capabilities.
https://docs.aws.amazon.com/AWSCloudFormation/latest/APIReference/API_CreateStack.html
👍 6kejam2024/02/05 - 正解だと思う選択肢: A
Question says "several previously unused AWS Regions" so you have to enable them under the Account first ? And the CAPABILITY_NAMED_IAM for the custom name
👍 5sat20082024/02/18 Correct A
👍 3alexis1234562024/02/05
シャッフルモード