New Year Sale 2026! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Amazon SAP-C02 Exam - Topic 3 Question 22 Discussion

Actual exam question for Amazon's SAP-C02 exam
Question #: 22
Topic #: 3
[All SAP-C02 Questions]

A solutions architect is preparing to deploy a new security tool into several previously unused AWS Regions. The solutions architect will deploy the tool by using an AWS CloudFormation stack set. The stack set's template contains an 1AM role that has a custom name. Upon creation of the stack set. no stack instances are created successfully.

What should the solutions architect do to deploy the stacks successfully?

Show Suggested Answer Hide Answer
Suggested Answer: A

The CAPABILITY_NAMED_IAM capability is required when creating or updating CloudFormation stacks that contain IAM resources with custom names. This capability acknowledges that the template might create IAM resources that have broad permissions or affect other resources in the AWS account. The stack set's template contains an IAM role that has a custom name, so this capability is needed. Enabling the new Regions in all relevant accounts is also necessary to deploy the stack set across multiple Regions and accounts.

Option B is incorrect because the Service Quotas console is used to view and manage the quotas for AWS services, not for CloudFormation stacks. The number of stacks per Region per account is not a service quota that can be increased.

Option C is incorrect because the SELF_MANAGED permissions model is used when the administrator wants to retain full permissions to manage stack sets and stack instances. This model does not affect the creation of the stack set or the requirement for the CAPABILITY_NAMED_IAM capability.

Option D is incorrect because an administration role ARN is optional when creating a stack set. It is used to specify a role that CloudFormation assumes to create stack instances in the target accounts. It does not affect the creation of the stack set or the requirement for the CAPABILITY_NAMED_IAM capability.


1: AWS CloudFormation stack sets

2: Acknowledging IAM resources in AWS CloudFormation templates

3: AWS CloudFormation stack set permissions

by Theola at Dec 26, 2023, 04:39 PM

Limited Time Offer

25%

Off

Get Premium SAP-C02 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Burma
3 months ago
Wait, can you really deploy in unused regions like that? Sounds risky!
upvoted 0 times
...
Freeman
3 months ago
No way, it’s all about the permissions model too!
upvoted 0 times
...
Deeanna
3 months ago
I thought you didn't need to specify that capability for all regions?
upvoted 0 times
...
Farrah
4 months ago
Definitely agree, CAPABILITY_NAMED_IAM is a must!
upvoted 0 times
...
Darnell
4 months ago
You need to enable the new Regions first.
upvoted 0 times
...
Quentin
4 months ago
I’m a bit confused about the administration role ARN. I thought it was only necessary for certain configurations, but I can't remember the details.
upvoted 0 times
...
Jamal
4 months ago
This question seems similar to one we practiced where we had to deal with IAM roles in CloudFormation. I feel like option A might be the right choice.
upvoted 0 times
...
Selma
4 months ago
I think specifying the CAPABILITY_NAMED_IAM is crucial, but I can't recall if we also need to set the permissions model.
upvoted 0 times
...
Tammi
5 months ago
I remember something about needing to enable regions for stack sets, but I'm not sure if that's the only step needed.
upvoted 0 times
...
Cheryl
5 months ago
The question mentions no stack instances were created successfully, so I'm guessing there's an issue with permissions or service quotas that needs to be addressed. I'll need to review the options carefully.
upvoted 0 times
...
Desire
5 months ago
Okay, I think I've got it. The solution is to enable the new Regions and specify the CAPABILITY_NAMED_IAM capability when creating the stack set. Seems like a pretty standard CloudFormation deployment scenario.
upvoted 0 times
...
Yong
5 months ago
This question seems straightforward, but I want to make sure I understand the key details before answering.
upvoted 0 times
...
Rasheeda
5 months ago
Hmm, the issue seems to be with the IAM role in the CloudFormation stack set template. I think I need to look into the CAPABILITY_NAMED_IAM requirement more closely.
upvoted 0 times
...
Susy
5 months ago
This looks like a classic cost accounting question. I'll focus on the key concepts of differential, incremental, and opportunity costs.
upvoted 0 times
...
Eden
5 months ago
This looks like a tricky question. I'll need to carefully compare the hierarchies to identify the differences.
upvoted 0 times
...
Eleni
5 months ago
I'm pretty sure Rapid PVST+ is a better option than STP for reducing convergence time, but I'm not fully confident about whether MST would be more efficient in all cases.
upvoted 0 times
...
Dana
5 months ago
Easy peasy! The question clearly states the server can operate at 40C, so the answer is TRUE.
upvoted 0 times
...
Xuan
2 years ago
Ha! CAPABILITY_NAMED_IAM, more like CAPABILITY_BRAIN_IAM, am I right? But seriously, I think that's the key here.
upvoted 0 times
Angelica
2 years ago
A) Enable the new Regions in all relevant accounts. Specify the CAPABILITY_NAMED_IAM capability during the creation of the stack set.
upvoted 0 times
...
Johna
2 years ago
B) Use the Service Quotas console to request a quota increase for the number of CloudFormation stacks in each new Region in all relevant accounts. Specify the CAPABILITY_NAMED_IAM capability during the creation of the stack set.
upvoted 0 times
...
Pearlie
2 years ago
A) Enable the new Regions in all relevant accounts. Specify the CAPABILITY_NAMED_IAM capability during the creation of the stack set.
upvoted 0 times
...
...
Florinda
2 years ago
I'm not sure about the Service Quotas console part. That seems a bit overkill for this scenario.
upvoted 0 times
...
Jutta
2 years ago
Yeah, I agree. We definitely need to enable the new Regions first, and specifying the CAPABILITY_NAMED_IAM capability seems important.
upvoted 0 times
...
Mariko
2 years ago
Hmm, this question seems a bit tricky. I'm not entirely sure about the correct answer, but I think it has something to do with the IAM role and the new Regions.
upvoted 0 times
...

Save Cancel