Which solution will meet this requirement with the LEAST operational overhead?
Assume the OrganizationAccountAccessRole IAM role from the management account. Deploy the template in each of the accounts.
Create an AWS Lambda function to assume a role in each account. Deploy the template by using the AWS CloudFormation CreateStack API call.
Create an AWS Lambda function to query for a list of accounts. Deploy the template by using the AWS CloudFormation CreateStack API call.
Use AWS CloudFormation StackSets from the management account to deploy the template in each of the accounts.
Explanations:
Manually assuming the role for each account would add operational overhead, as it requires individual deployment actions for each account rather than a centralized approach.
This approach adds unnecessary complexity by using Lambda to assume roles and deploy stacks in each account, leading to more management overhead compared to simpler solutions.
Querying accounts with Lambda to deploy stacks individually requires additional custom logic, which increases complexity and operational overhead compared to using StackSets.
AWS CloudFormation StackSets allows centralized management from the management account to deploy and manage stacks across multiple accounts in AWS Organizations with low overhead.