DOP-C02 Exam Dumps : AWS Certified DevOps Engineer - Professional

This solution will meet the requirements because it will use CloudFormation nested stacks and stack sets to deploy the templates more efficiently and consistently across multiple regions. Nested stacks allow the company to separate out common components and reuse templates, while stack sets allow the company to create stacks in multiple accounts and regions with a single template. The company can also use Amazon SNS to send notifications to the data engineering team whenever a change is made to the templates or the stacks. Amazon SNS is a service that allows you to publish messages to subscribers, such as email addresses, phone numbers, or other AWS services. By using Amazon SNS, the company can ensure that the data engineering team is aware of all changes to the templates and can take appropriate actions if needed. What is Amazon SNS? - Amazon Simple Notification Service

The requirement is to automatically apply different baseline CloudFormation templates based on OU placement when new AWS accounts are created, while keeping operational overhead as low as possible. Because the company is already using AWS Organizations and is planning a comprehensive account management strategy, the most AWS-native and efficient solution is AWS Control Tower with Customizations for AWS Control Tower (CfCT) .

CfCT is specifically designed to extend Control Tower’s baseline by allowing administrators to deploy OU-scoped CloudFormation templates automatically. The solution uses a manifest file to map CloudFormation templates to specific OUs, ensuring that each new account receives the correct baseline configuration immediately after provisioning. Templates and configuration are stored in a version-controlled Git repository, providing auditability, change tracking, and rollback capabilities.

Option B adds unnecessary operational complexity by introducing a custom CodePipeline that must be manually triggered and maintained. This duplicates functionality that CfCT already provides natively. Options C and D rely on custom Lambda logic and EventBridge rules, which increase maintenance burden, reduce transparency, and lack built-in OU-aware governance features.

AWS documentation explicitly recommends Customizations for AWS Control Tower for OU-based, scalable, and automated baseline deployments. Therefore, Option A delivers the required functionality with the least operational overhead and aligns with AWS best practices for multi-account governance.

Amazon EventBridge can directly consume AWS Health events as an event source. You can specify event types such as “AWS_EC2_INSTANCE_RETIREMENT_SCHEDULED” or “AWS_EC2_INSTANCE_TERMINATION_SCHEDULED.” The rule’s target should invoke the Systems Manager Automation document (runbook) AWS-RestartEC2Instance to automate the restart within a defined maintenance window. This event-driven automation pattern is described in AWS documentation: “Automating AWS Health event remediation using EventBridge and Systems Manager.”