A company’s DevOps engineer manages an organization in AWS Organizations. The organization includes many accounts. The company needs all AWS CloudFormation stacks in production accounts to have termination protection enabled. Non-production accounts do not need termination protection. The company has designated a centralized account for AWS Config aggregation and has configured all accounts to support the use of CloudFormation and AWS Config. The company also has grouped all production accounts into an OU. Which solution will meet these requirements?

Topic #: - All AWS DevOps Engineer Professional Questions

A. Create an AWS Config rule to detect stacks that do not have termination protection enabled. Add a remediation action to the rule to enable termination protection. Deploy the rule across the organization by using the PutOrganizationConfigRule API operation.
B. Create a CloudFormation template that deploys an AWS Config rule to detect stacks that do not have termination protection enabled. Add a remediation action to the rule to enable termination protection. Deploy the template to the OU of the production accounts by using CloudFormation StackSets. Most Voted
C. Create an SCP that denies cloudformation:DeleteStack actions. Apply the SCP to the OU of the production accounts by using CloudFormation StackSets.
D. Create a CloudFormation stack policy that denies Update:Delete actions. Apply the policy to the OU of the production accounts by using CloudFormation StackSets.

- Awsexamhub website is not related to, affiliated with, endorsed or authorized by Amazon.
- Trademarks, certification & product names are used for reference only and belong to Amazon.

Suggested Answer:

Reference Material:

Suggested Answer:

Reference Material:

Share this post

Join the Discussion