A company has an organization in AWS Organizations for its multi-account environment. A D…

Question

A company has an organization in AWS Organizations for its multi-account environment. A DevOps engineer is developing an AWS CodeArtifact based strategy for application package management across the organization. Each application team at the company has its own account in the organization. Each application team also has limited access to a centralized shared services account. Each application team needs full access to download, publish, and grant access to its own packages. Some common library packages that the application teams use must also be shared with the entire organization. Which combination of steps will meet these requirements with the LEAST administrative overhead? (Choose three.)

Accepted Answer

Correct answer: B, C, D. B. Create a domain in the shared services account. Grant the organization read access and CreateRepository access. — C. Create a repository in each application team’s account. Grant each application team’s account full read access and write access to its own repository. — D. Create a repository in the shared services account. Grant the organization read access to the repository in the shared services account Set the repository as the upstream repository in each application team's repository. — Creating a single central domain in the shared services account (B) simplifies administration and allows organization-wide repository creation permissions. Giving each team their own repository (C) ensures full local control over publishing and accessing their own packages. Setting the centralized shared repository as an upstream repository (D) allows all teams to seamlessly inherit common packages without managing complex, mesh-like resource policies between individual accounts.

AWS Certified DevOps Engineer – Professional (DOP-C02) — Question 267

Answer options

Correct answer: B, C, D

Explanation