🔥 3-day streak
AWS Certified DevOps Engineer - Professional53 / 204
Question 53 of 204

A company uses a CloudFormation StackSet with the SERVICE_MANAGED permission model to deploy a standardized VPC baseline to all accounts in an Organizational Unit (OU). Application teams have local administrative access in their member accounts and occasionally modify the VPC resources deployed by the StackSet, causing configuration drift. Leadership wants to guarantee that these baseline resources cannot be modified or deleted by application teams in the first place, rather than detecting and remediating drift after it occurs. Which approach BEST meets this requirement?

Reviewed for accuracy · Report an issueNext question