SOA-C02 · Question #641
SOA-C02 Question #641: Real Exam Question with Answer & Explanation
The correct answer is D: In the CloudFormation template, add a condition that is true when the primary Region is used.. IAM roles are global resources; if the same role is created in multiple regions, a conflict occurs. In this scenario, the IAM role is successfully created in the primary region but fails in the secondary region because the role already exists. By adding a condition to the CloudFo
Question
A company has created an AWS CloudFormation template that includes only an IAM role. The company needs to deploy the template to the company's primary and secondary AWS Regions. During deployment, the template launches successfully in the primary Region. However, CloudFormation returns an error in the secondary Region. How should a SysOps administrator resolve the error?
Options
- ARedeploy the CloudFormation template as a stack set with service-managed permissions.
- BRedeploy the CloudFormation template as a stack set with self-managed permissions.
- CIn the secondary Region, remove the CAPABILITY_IAM capability when the stack is created.
- DIn the CloudFormation template, add a condition that is true when the primary Region is used.
Explanation
IAM roles are global resources; if the same role is created in multiple regions, a conflict occurs. In this scenario, the IAM role is successfully created in the primary region but fails in the secondary region because the role already exists. By adding a condition to the CloudFormation template that evaluates to true only when deployed in the primary region, the template will create the IAM role only once. This prevents duplicate creation across regions while still allowing the template to be deployed in both the primary and secondary regions.
Community Discussion
No community discussion yet for this question.