-
Hello thewebguru,
Thank you for taking the time to report this and for pointing out the inconsistency so clearly.
After reviewing the current AWS documentation, the role name AWSControlTowerBlueprintAccess does exist in AWS Control Tower. It is used in the Account Factory Customization (AFC) workflow so that AWS Control Tower can access and share the AWS Service Catalog blueprint product during account provisioning. That said, the concern remains valid: the role itself does not provision VPCs or create Transit Gateway attachments. Its purpose is to support the blueprint-based customization workflow, not to perform the network automation on its own.
Because of that, the explanation can be improved for clarity. The automation aspect of the solution is primarily addressed by Account Factory Customization (AFC) together with an AWS Service Catalog product backed by CloudFormation. Those are the components that enable consistent VPC deployment across new and existing accounts with lower operational effort. The AWSControlTowerBlueprintAccess role is a supporting prerequisite for AFC, rather than the direct mechanism that creates the networking resources.
We will review the wording of the explanation for this item and update it accordingly.
Thanks again for helping us improve the quality and accuracy of the practice exams. Feedback like this is greatly appreciated.
Best regards,
Nikee @ Tutorials Dojo
