AWS Certified DevOps Engineer – Professional (DOP-C02) — Question 352

A DevOps engineer needs to troubleshoot a pipeline that uses a GitHub code repository. The pipeline contains a source stage, a build stage, and a deploy stage. The pipeline also has an AWS CodeStar connection to the GitHub code repository.

The build stage uses an AWS CodeBuild build project. The build project needs to perform a git clone of the repository as part of the build process.

The DevOps engineer validates that the source stage is working properly. However, the build stage fails each time the pipeline runs.

What is the reason that the build stage fails in the pipeline?

Answer options

• A. The build stage within the pipeline needs to use the AWS CodeStar connection action.
• B. The AWS CodeStar connection to GitHub contains incorrect credentials.
• C. The AWS CodePipeline service role does not have permission to use the AWS CodeStar connection.
• D. The AWS CodeBuild service role does not have permission to use the AWS CodeStar connection.

Correct answer: D

Explanation

Because the source stage succeeds, the AWS CodeStar connection itself is valid and AWS CodePipeline has the necessary permissions to access it. However, for AWS CodeBuild to perform a git clone directly using the connection during the build phase, the AWS CodeBuild service role must be explicitly granted permission to use the AWS CodeStar connection. Therefore, the failure is due to the CodeBuild service role missing the required IAM permissions.