AWS DevOps Engineer Professional DOP-C01 – Question153

A company wants to automatically re-create its infrastructure using AWS CloudFormation as part of the company's quality assurance (QA) pipeline. For each QA run, a new VPC must be created in a single account, resources must be deployed into the VPC, and tests must be run against this new infrastructure. The company policy states that all VPCs must be peered with a central management VPC to allow centralized logging. The company has existing CloudFormation templates to deploy its VPC and associated resources.
Which combination of steps will achieve the goal in a way that is automated and repeatable? (Choose two.)

A. Create an AWS Lambda function that is invoked by an Amazon CloudWatch Events rule when a CreateVpcPeeringConnection API call is made. The Lambda function should check the source of the peering request, accept the request, and update the route tables for the management VPC to allow traffic to go over the peering connection.
B. In the CloudFormation template:

  • Invoke a custom resource to generate unique VPC CIDR ranges for the VPC and subnets.
  • Create a peering connection to the management VPC.
  • Update route tables to allow traffic to the management VPC.

C. In the CloudFormation template:

  • Use the Fn::Cidr function to allocate an unused CIDR range for the VPC and subnets.
  • Create a peering connection to the management VPC.
  • Update route tables to allow traffic to the management VPC.

D. Modify the CloudFormation template to include a mappings object that includes a list of /16 CIDR ranges for each account where the stack will be deployed.
E. Use CloudFormation StackSets to deploy the VPC and associated resources to multiple AWS accounts using a custom resource to allocate unique CIDR ranges. Create peering connections from each VPC to the central management VPC and accept those connections in the management VPC.

Correct Answer: BD