Configuring AWS Resources Across Multiple Regions and Accounts | Best Practices

Implementing Configurations Across Multiple AWS Regions and Accounts


Question

Your company uses the AWS platform to host most of its applications and services.

As an AWS administrator, you have managed a large number of AWS resources to meet the business needs.

Sometimes, you have to create, update or delete similar resources in many AWS regions and accounts.

For example, you need to configure an AWS Config rule to determine if CloudTrail was enabled in all accounts.

Which is the best way to implement such configurations across multiple regions or accounts in a single operation?

Answers

Explanations


Correct Answer - D.

The key point of the question is that AWS resources need to be configured or maintained across different regions and accounts in a single operation.

CloudFormation StackSets should be considered first as it can easily provision CloudFormation stacks for selected target accounts across specified regions.

Refer to the document in https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/what-is-cfnstacksets.html.

Option A is incorrect: a single CloudFormation stack cannot meet the need.

CloudFormation StackSets should be used.

Option B is incorrect: Because Lambda functions have to be maintained in different regions/accounts.

This approach is less efficient.

Option C is incorrect: Users cannot execute pipelines in one single operation across regions and accounts.

Option D is CORRECT: regions and accounts can be selected for a single CloudFormation StackSet.

Refer to the below screenshot:

Screenshot: the StackSets "Set deployment options" page. Under "Accounts" you identify the accounts or organizational units in which you want to modify stacks; "Deployment locations" offers "Deploy stacks in accounts" or "Deploy stacks in organizational units". The organizational unit field expects 'ou-' followed by 4 to 32 lower-case letters or digits (the ID of the root that contains the OU), a second '-', and 8 to 32 additional lower-case letters or digits.

The best way to implement configurations across multiple AWS regions and accounts is by using CloudFormation StackSets. Therefore, the answer is D.

CloudFormation StackSets allows you to create, update, or delete AWS CloudFormation stacks across multiple accounts and regions with a single operation. It simplifies the deployment process of AWS resources at scale and provides consistency across multiple accounts and regions.

CloudFormation StackSets can be used to deploy resources to all accounts in an organization, multiple accounts in a region, or multiple regions. It also provides flexibility in specifying which accounts and regions to deploy to depending on your requirements.

Here are the steps to create CloudFormation StackSets:

  1. Create a CloudFormation template for the resources you want to deploy.
  2. Create a StackSet from the template and specify the accounts and regions you want to deploy the resources to.
  3. Deploy the StackSet, and CloudFormation will create, update, or delete the resources in the specified accounts and regions.
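As an added example that is not part of the original page, the three steps above as a POSIX shell script: the template carries the AWS managed Config rule CLOUD_TRAIL_ENABLED, and two AWS CLI calls create the StackSet and its stack instances. The StackSet name, the OU id and the regions are placeholders; it assumes the AWS CLI is installed and that you run it from the organization's management account (or a delegated administrator) with StackSets trusted access enabled for AWS Organizations.

```shell
#!/bin/sh
# Added example: deploy a Config rule that checks CloudTrail is enabled to every
# account in an OU, in several regions, with one StackSet. Name, OU id and
# regions are constructed placeholders.
set -eu

# Validate an OU id against the format the StackSets console describes:
# 'ou-', 4-32 lower-case letters/digits, '-', 8-32 lower-case letters/digits.
validate_ou_id() {
    printf '%s' "$1" | grep -Eq '^ou-[a-z0-9]{4,32}-[a-z0-9]{8,32}$'
}

# Step 1: the CloudFormation template. One AWS managed Config rule
# (CLOUD_TRAIL_ENABLED) flags any account/region without an active trail.
write_template() {
    cat > "$1" <<'EOF'
AWSTemplateFormatVersion: '2010-09-09'
Description: Config rule checking that CloudTrail is enabled (StackSet example)
Resources:
  CloudTrailEnabledRule:
    Type: AWS::Config::ConfigRule
    Properties:
      ConfigRuleName: cloudtrail-enabled
      Source:
        Owner: AWS
        SourceIdentifier: CLOUD_TRAIL_ENABLED
EOF
}

# Print the CLI command instead of running it when DRY_RUN=1 or aws is absent.
run() {
    if [ "${DRY_RUN:-0}" = 1 ] || ! command -v aws >/dev/null 2>&1; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# deploy_stack_set NAME OU_ID REGION...  (service-managed permissions)
deploy_stack_set() {
    name=$1; ou=$2; shift 2
    validate_ou_id "$ou" || { echo "bad OU id: $ou" >&2; return 1; }
    tmpl=$(mktemp); write_template "$tmpl"
    # Step 2: the StackSet holds the template and the permission model.
    run aws cloudformation create-stack-set --stack-set-name "$name" \
        --template-body "file://$tmpl" --permission-model SERVICE_MANAGED \
        --auto-deployment Enabled=true,RetainStacksOnAccountRemoval=false
    # Step 3: one operation creates a stack per account in the OU, per region.
    run aws cloudformation create-stack-instances --stack-set-name "$name" \
        --deployment-targets "OrganizationalUnitIds=$ou" --regions "$@"
    rm -f "$tmpl"
}
```

Run it as `deploy_stack_set cloudtrail-enabled-check ou-abcd-12345678 us-east-1 eu-west-1`; with `DRY_RUN=1` it only prints the two commands so you can review them first.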

CloudFormation StackSets also provide features such as drift detection, which can detect any configuration changes made outside of the StackSet, and automatic rollback in case of any failures during deployment.

Option A, creating CloudFormation templates and creating CloudFormation stacks, is a valid approach, but it requires you to manually deploy the stacks to each region and account, which can be time-consuming and error-prone.

Option B, creating Lambda functions, is not the best approach as it requires you to manually manage the deployment of Lambda functions to multiple regions and accounts, and it can be difficult to ensure consistency across multiple functions.

Option C, using AWS CodePipeline and CodeDeploy, can also be a valid approach, but it requires additional setup and configuration, and it may not be the best option if you are only deploying CloudFormation stacks. CodePipeline and CodeDeploy are better suited for more complex deployments where you need to perform testing, validation, and custom deployment logic.