A company uses AWS Organizations to manage multiple AWS accounts. The accounts are in an…

Question

A company uses AWS Organizations to manage multiple AWS accounts. The accounts are in an OU that has a policy attached to allow all actions. The company is migrating several Git repositories to a specified AWS CodeConnections supported Git provider. The Git repositories manage AWS CloudFormation stacks for application infrastructure that the company deploys across multiple AWS Regions. The company wants a DevOps team to integrate CodeConnections into the CloudFormation stacks. The DevOps team must ensure that company staff members can integrate only with the specified Git provider. The deployment process must be highly available across Regions. Which combination of steps will meet these requirements? (Choose three.)

Accepted Answer

Correct answer: A, C, E. A. Add a new SCP statement to the OU that denies the CodeConnections CreatingConnections action where the provider type is not the specified Git provider. — C. Use CodeConnectlons to configure a single CodeConnections connection to each Git repository. — E. Use CodeConnections to create a CodeConnections repository link. Update each CfoudFormation stack to sync from the Git repository. — An SCP with a Deny effect and a StringNotEquals condition (Option A) is the correct way to restrict connection creation to only the specified provider, as the OU already has a full-access policy. Using CodeConnections to establish a single connection per repository (Option C) is sufficient and highly available because connection resources are global and do not need to be duplicated per Region. Finally, creating a CodeConnections repository link and enabling CloudFormation Git sync (Option E) natively automates stack updates directly from Git across regions without the overhead of building individual multi-region pipelines.

AWS Certified DevOps Engineer – Professional (DOP-C02) — Question 359

Answer options

Correct answer: A, C, E

Explanation