A company uses AWS Organizations with 50 accounts. The central IT team wants to deploy a CloudFormation stack set to create a VPC with a CIDR of 10.0.0.0/16 in each account, but the VPC CIDR must not overlap with existing VPCs in each account. What is the most scalable and automated approach?
This allows each account to have a unique CIDR without manual intervention.
Why this answer
Option B is correct because AWS CloudFormation StackSets can use account-specific parameters via a parameter file in Amazon S3, allowing each account to have a unique CIDR. Option A is wrong because it uses a single CIDR for all accounts, causing overlap. Option C is wrong because AWS Service Catalog does not handle dynamic CIDR assignment across many accounts. Option D is wrong because a custom Lambda function per account is not scalable.