What is the MOST operationally efficient method to deploy and update the VPCs in each account?
Create an AWS CloudFormation template that defines the VPC. Sign in to the AWS Management Console under each account. Create a stack from the template.
Create a shell script that configures the VPC using the AWS CLI. Provide a list of accounts to the shell script from a text file. Create the VPC in every account in the list.
Create an AWS Lambda function that configures the VPC. Store the account information in Amazon DynamoDB. Grant Lambda access to the DynamoDB table. Create the VPC in every account in the list.
Create an AWS CloudFormation template that defines the VPC. Create an AWS CloudFormation StackSet based on the template. Deploy the template to all accounts using the stack set.
Explanations:
While using AWS CloudFormation to create a stack in each account is a valid approach, it requires manual intervention for each account. This method is not operationally efficient as it does not allow for automated or centralized deployment across multiple accounts.
A shell script can automate the creation of VPCs using the AWS CLI, but it lacks the benefits of infrastructure as code, such as version control and easy updates. Additionally, managing and executing the script across multiple accounts can be complex and error-prone, making it less operationally efficient.
An AWS Lambda function could automate VPC creation, but this option would still require management of account information and may involve more complexity than necessary. It also does not provide a straightforward method for updating existing VPCs in all accounts simultaneously.
Creating an AWS CloudFormation StackSet allows for the centralized management of VPCs across multiple AWS accounts. It enables the deployment of updates to all accounts in one go, ensuring consistency and operational efficiency, as changes to the CloudFormation template can be easily propagated to all VPCs.