
Amazon Exam SAP-C02 Topic 3 Question 22 Discussion

Actual exam question for Amazon's SAP-C02 exam
Question #: 22
Topic #: 3

A solutions architect is preparing to deploy a new security tool into several previously unused AWS Regions. The solutions architect will deploy the tool by using an AWS CloudFormation stack set. The stack set's template contains an IAM role that has a custom name. Upon creation of the stack set, no stack instances are created successfully.

What should the solutions architect do to deploy the stacks successfully?

Suggested Answer: A

The CAPABILITY_NAMED_IAM capability is required when creating or updating CloudFormation stacks that contain IAM resources with custom names. This capability acknowledges that the template might create IAM resources that have broad permissions or affect other resources in the AWS account. The stack set's template contains an IAM role that has a custom name, so this capability is needed. Enabling the new Regions in all relevant accounts is also necessary to deploy the stack set across multiple Regions and accounts.

Option B is incorrect because the Service Quotas console is used to view and manage the quotas for AWS services, not for CloudFormation stacks. The number of stacks per Region per account is not a service quota that can be increased.

Option C is incorrect because the SELF_MANAGED permissions model is used when the administrator wants to retain full permissions to manage stack sets and stack instances. This model does not affect the creation of the stack set or the requirement for the CAPABILITY_NAMED_IAM capability.

Option D is incorrect because an administration role ARN is optional when creating a stack set. It is used to specify a role that CloudFormation assumes to create stack instances in the target accounts. It does not affect the creation of the stack set or the requirement for the CAPABILITY_NAMED_IAM capability.
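
The two conditions in answer A can be checked before a stack set is created. The following is an added example, not code from this page or from AWS: it inspects a parsed template for IAM resources with custom names and compares the target Regions against their opt-in status. The function names, the sample template and the Region status map are constructed for illustration; the status strings follow the values the AWS Account API reports for Region opt-in.

```python
# Added example: pre-flight check for the two conditions in answer A.
# Assumption: the template is already parsed into a dict (e.g. with json.load).

# IAM resource types that require an IAM capability, mapped to the property
# that gives the resource a custom name (None = no custom-name property).
IAM_NAME_PROPS = {
    "AWS::IAM::Role": "RoleName",
    "AWS::IAM::User": "UserName",
    "AWS::IAM::Group": "GroupName",
    "AWS::IAM::ManagedPolicy": "ManagedPolicyName",
    "AWS::IAM::InstanceProfile": "InstanceProfileName",
    "AWS::IAM::Policy": None,
    "AWS::IAM::AccessKey": None,
    "AWS::IAM::UserToGroupAddition": None,
}

def required_capability(template):
    """Return None, 'CAPABILITY_IAM' or 'CAPABILITY_NAMED_IAM' for a template dict."""
    needed = None
    for res in template.get("Resources", {}).values():
        rtype = res.get("Type")
        if rtype not in IAM_NAME_PROPS:
            continue
        name_prop = IAM_NAME_PROPS[rtype]
        if name_prop and name_prop in res.get("Properties", {}):
            return "CAPABILITY_NAMED_IAM"  # custom name: strongest requirement
        needed = "CAPABILITY_IAM"
    return needed

def preflight(template, capabilities, region_status, target_regions):
    """Return the unmet conditions: capability acknowledgement and Region opt-in."""
    problems = []
    need = required_capability(template)
    # CAPABILITY_NAMED_IAM also satisfies a template that only needs CAPABILITY_IAM.
    ok = need is None or need in capabilities or "CAPABILITY_NAMED_IAM" in capabilities
    if not ok:
        problems.append(f"missing capability: {need}")
    for region in target_regions:
        status = region_status.get(region, "UNKNOWN")
        if status not in ("ENABLED", "ENABLED_BY_DEFAULT"):
            problems.append(f"region not enabled: {region} ({status})")
    return problems

# Constructed sample input (not from the page).
TEMPLATE = {"Resources": {"ToolRole": {"Type": "AWS::IAM::Role",
            "Properties": {"RoleName": "security-tool-role",
                           "AssumeRolePolicyDocument": {}}}}}
REGION_STATUS = {"us-east-1": "ENABLED_BY_DEFAULT", "af-south-1": "DISABLED"}

if __name__ == "__main__":
    print(preflight(TEMPLATE, [], REGION_STATUS, ["us-east-1", "af-south-1"]))
```

Running the same check in a deployment pipeline for every target account surfaces a disabled Region or a missing acknowledgement before CloudFormation is called.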



Contribute your Thoughts:

Xuan
8 months ago
Ha! CAPABILITY_NAMED_IAM, more like CAPABILITY_BRAIN_IAM, am I right? But seriously, I think that's the key here.
upvoted 0 times
Angelica
8 months ago
A) Enable the new Regions in all relevant accounts. Specify the CAPABILITY_NAMED_IAM capability during the creation of the stack set.
upvoted 0 times
...
Johna
8 months ago
B) Use the Service Quotas console to request a quota increase for the number of CloudFormation stacks in each new Region in all relevant accounts. Specify the CAPABILITY_NAMED_IAM capability during the creation of the stack set.
upvoted 0 times
...
Pearlie
8 months ago
A) Enable the new Regions in all relevant accounts. Specify the CAPABILITY_NAMED_IAM capability during the creation of the stack set.
upvoted 0 times
...
...
Florinda
8 months ago
I'm not sure about the Service Quotas console part. That seems a bit overkill for this scenario.
upvoted 0 times
...
Jutta
8 months ago
Yeah, I agree. We definitely need to enable the new Regions first, and specifying the CAPABILITY_NAMED_IAM capability seems important.
upvoted 0 times
...
Mariko
8 months ago
Hmm, this question seems a bit tricky. I'm not entirely sure about the correct answer, but I think it has something to do with the IAM role and the new Regions.
upvoted 0 times
...
