SOA-C02 Question #698: Real Exam Question with Answer & Explanation
The correct answer is D: Configure trusted access for AWS Resource Access Manager (AWS RAM) and IPAM. Create an …
Question
A company plans to create many AWS accounts. Each account requires a VPC that has a unique IPv4 CIDR allocation. The company has an organization with all features enabled in AWS Organizations. The company uses Amazon VPC IP Address Manager (IPAM) and has deployed an IPAM. A SysOps administrator must automate the VPC creation process. The SysOps administrator creates an AWS CloudFormation template that contains the VPC resources. The SysOps administrator deploys the template as a stack set with the organization root as a deployment target. Which set of steps will complete the automation process?
Options
- A. Create an IPAM pool. Update the CloudFormation template to include an
- B. Create an IPAM pool. Create an AWS Resource Access Manager (AWS RAM) resource share for
- C. Configure trusted access for AWS Resource Access Manager (AWS RAM) and IPAM. Create a
- D. Configure trusted access for AWS Resource Access Manager (AWS RAM) and IPAM. Create an
Explanation
- Enable trusted access for IPAM and AWS RAM.
- Create an IPAM pool and share it organization-wide through RAM.
- In the CloudFormation template, have the AWS::EC2::VPC resource reference the pool (Ipv4IpamPoolId and Ipv4NetmaskLength).

CloudFormation then automatically allocates a unique CIDR from the shared pool for each stack instance, so no separate allocation resource or custom macro is needed.