Multiple Choice
A DevOps engineer is building a centralized CI/CD pipeline using AWS CodeBuild, AWS CodeDeploy, and Amazon S3. The engineer is required to have least privilege access and individual encryption at rest for all artifacts in Amazon S3. The engineer must be able to prune old artifacts without the ability to download or read them. The engineer has already completed the following steps: Created a unique AWS Key Management Service (AWS KMS) CMK and S3 bucket for each project's builds. Updated the S3 bucket policy to only allow uploads that use the associated KMS encryption. Which final step should be taken to meet these requirements?
A) Update the attached IAM policies to allow access to the appropriate KMS key from the CodeDeploy role where the application will be deployed.
B) Update the attached IAM policies to allow access to the appropriate KMS key from the EC2 instance roles where the application will be deployed.
C) Update the CMK's key policy to allow access to the appropriate KMS key from the CodeDeploy role where the application will be deployed.
D) Update the CMK's key policy to allow access to the appropriate KMS key from the EC2 instance roles where the application will be deployed.
Correct Answer:
Verified
Correct Answer:
Verified
Q292: The operations team and the development team
Q293: A company wants to migrate its content
Q294: What are the bare minimum requirements for
Q295: Which is the proper syntax for referencing
Q296: Which of the following is an invalid
Q298: A DevOps Engineer uses Docker container technology
Q299: A DevOps engineer notices that all Amazon
Q300: A publishing company used AWS Elastic Beanstalk,
Q301: A company is using Docker containers for
Q302: A company is implementing a well-architected design