AWS Certified Developer – Associate — Question 311

A company’s mock data from development environments has been appearing in the production environment. The company wants a member of the Admin IAM user group to manually approve all promotions to production in the company’s AWS CodePipeline pipeline before the promotions can proceed.

Which combination of steps will meet these requirements? (Choose two.)

Answer options

• A. Add an approval action to the pipeline. Set the Provider field to Group and the Owner field to the name of the IAM user group. Set the approval action to run before the production deploy action.
• B. Add an approval action to the pipeline. Set the Provider field to Manual and the Owner field to AWS. Set the approval action to run before the production deploy action.
• C. Add an approval action to the pipeline. Set the Provider field to Manual and the Owner field to the name of the IAM user group. Set the approval action to run before the production deploy action.
• D. Add an inline policy to the Admin IAM user group to allow the codepipeline:GetPipeline* action and the codepipeline:PutApprovalResult action. Set the pipeline as the resource for the policy.
• E. Add an inline policy to the Admin IAM user group to allow the codepipeline:GetPipeline* action. Set the pipeline as the resource for the policy. Add a second inline policy to allow the codepipeline:PutApprovalResult action. Set the approval action as the resource for the policy.

Correct answer: C, D

Explanation

To enforce manual intervention before production deployments, an approval action must be added to the AWS CodePipeline pipeline prior to the deployment step, configured with Manual as the provider and the IAM user group as the owner. Additionally, the members of the Admin IAM user group require explicit IAM permissions to view the pipeline and submit their approval decisions, which is achieved by granting codepipeline:GetPipeline* and codepipeline:PutApprovalResult permissions on the pipeline resource.