A Development team wants to deploy an application using AWS CloudFormation stacks, but the Developer IAM role does not currently have the required permissions to provision the resources specified in the CloudFormation template. A DevOps Engineer is tasked with allowing Developers to deploy the stacks while following the principal of least privilege.
Which solution will meet these requirements?
A. Create an IAM policy that allows Developers to provision the required resources. Attach the policy to the Developer role.
B. Create an IAM policy that allows full access to CloudFormation. Attach the policy to the Developer role.
C. Create an AWS CloudFormation service role that has the required permissions. Grant the developer IAM role a cloudformation:* action. Use the new service role during stack deployments.
D. Create an AWS CloudFormation service role that has the required permissions. Grant the developer IAM role the iam:PassRole permission. Use the new service role during stack deployments.
