What should a SysOps administrator do to meet these requirements?
Create a CloudFormation template that is stored in Amazon S3. Configure Cross-Region Replication (CRR) on the S3 bucket. Reference the required accounts and remote Regions in the input template parameters.
In the central administration account, create a CloudFormation primary template that loads CloudFormation nested stacks from Amazon S3 buckets in the target Regions.
Create CloudFormation nested stacks by using a primary template in the central administration account. Configure the required accounts and Regions for deployment of the nested stacks.
Create a CloudFormation stack set that includes service-managed permissions. Deploy the stack set into the required accounts and Regions from the central administration account.
Explanations:
While storing the CloudFormation template in Amazon S3 and using Cross-Region Replication might help with template availability, it doesn’t address the deployment of the template itself across multiple AWS Regions and accounts. Additionally, using input parameters for Regions and accounts doesn’t automate the deployment process.
Using a primary CloudFormation template that loads nested stacks from S3 buckets in other Regions requires manual management of Regions and accounts, which is more complex and doesn’t leverage automation at scale. It’s not the most efficient method for cross-Region deployment.
Using nested stacks in a central administration account is not the best solution for deploying across multiple Regions and accounts. It would require manual management of the target accounts and Regions, making it less automated and more complex.
A CloudFormation stack set with service-managed permissions allows for the automated deployment of CloudFormation stacks across multiple AWS Regions and accounts. The central administration account can manage the stack set, and AWS handles the permissions and deployment, making this the most efficient and scalable solution.