Answer-first summary for fast verification
Answer: Enable the new Regions in all relevant accounts and specify the CAPABILITY_NAMED_IAM capability during the stack set creation.
The correct answer is A. When deploying a CloudFormation stack set that includes an IAM role with a custom name, especially into previously unused AWS Regions, it is necessary to enable those regions first. Additionally, you need to specify the CAPABILITY_NAMED_IAM capability to acknowledge that the stack template contains an IAM role with a custom name. Not doing so would prevent the stack instances from being created successfully.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
A solutions architect is tasked with deploying a new security tool across multiple previously unused AWS Regions using an AWS CloudFormation stack set. The stack set's template includes an IAM role with a custom name. However, upon attempting to create the stack set, no stack instances are successfully deployed. What corrective action should the solutions architect take to ensure successful deployment of the stacks?
A
Enable the new Regions in all relevant accounts and specify the CAPABILITY_NAMED_IAM capability during the stack set creation.
B
Request a quota increase for the number of CloudFormation stacks in each new Region via the Service Quotas console and specify the CAPABILITY_IAM capability during the stack set creation.
C
Specify the CAPABILITY_NAMED_IAM capability and use the SELF_MANAGED permissions model during the stack set creation.
D
Specify an administration role ARN and the CAPABILITY_IAM capability during the stack set creation.
No comments yet.