
A company is expanding its store network and intends to deploy a customized web application for each new store upon opening. Each application will have distinct non-production and production environments, each hosted in separate AWS accounts. The company utilizes AWS Organizations, with a specific Organizational Unit (OU) designated for these accounts. The majority of the development tasks are assigned to external third-party teams. A security engineer has developed an AWS CloudFormation template to standardize the deployment process. The engineer's next task is to ensure that all development teams adhere to this standardized deployment plan, while also restricting access to the deployment details to only those developers who require it. What is the most secure method for the security engineer to proceed with these requirements?
A
Create an AWS Service Catalog portfolio in the organization's management account. Upload the CloudFormation template. Add the template to the portfolio's product list. Share the portfolio with the OU.
B
Use the CloudFormation CLI to create a module from the CloudFormation template. Register the module as a private extension in the CloudFormation registry. Publish the extension. In the OU, create an SCP that allows access to the extension.
C
Create an AWS Service Catalog portfolio in the organization's management account. Upload the CloudFormation template. Add the template to the portfolio's product list. Create an IAM role that has a trust policy that allows cross-account access to the portfolio for users in the OU accounts. Attach the AWSServiceCatalogEndUserFullAccess managed policy to the role.
D
Use the CloudFormation CLI to create a module from the CloudFormation template. Register the module as a private extension in the CloudFormation registry. Publish the extension. Share the extension with the OU.