AWS Certified DevOps Engineer – Professional (DOP-C02) — Question 155
A company is using AWS CodePipeline to deploy an application. According to a new guideline, a member of the company's security team must sign off on any application changes before the changes are deployed into production. The approval must be recorded and retained.
Which combination of actions will meet these requirements? (Choose two.)
Answer options
- A. Configure CodePipeline to write actions to Amazon CloudWatch Logs.
- B. Configure CodePipeline to write actions to an Amazon S3 bucket at the end of each pipeline stage.
- C. Create an AWS CloudTrail trail to deliver logs to Amazon S3.
- D. Create a CodePipeline custom action to invoke an AWS Lambda function for approval. Create a policy that gives the security team access to manage CodePipeline custom actions.
- E. Create a CodePipeline manual approval action before the deployment step. Create a policy that grants the security team access to approve manual approval stages.
Correct answer: C, E
Explanation
The correct actions are C and E. An AWS CloudTrail trail that delivers logs to Amazon S3 logs the API calls made against the pipeline, so the approval is recorded and the record is retained. A manual approval action placed before the deployment step stops the pipeline until a security team member approves the change, and the accompanying policy gives the security team permission to do so. The other options either do not provide the necessary logging or do not include a method for obtaining approval from the security team.