🔥 3-day streak
AWS Certified DevOps Engineer - Professional41 / 204
Question 41 of 204
A DevOps team manages a baseline security configuration (IAM roles, AWS Config rules, and a CloudTrail trail) across 40 accounts in an AWS Organization using a service-managed CloudFormation StackSet with automatic deployment enabled for new accounts. During a recent audit, the team discovered that engineers in several accounts had manually modified the deployed IAM roles directly in the console, weakening the intended permissions boundary. The team needs a repeatable, automated way to identify which stack instances no longer match the StackSet template and then restore them to the defined configuration with minimal manual effort. Which approach meets these requirements?
Reviewed for accuracy · Report an issueNext question