AWS Certified DevOps Engineer – Professional (DOP-C02) — Question 394
A company needs to manage shared libraries for various projects across its development AWS account and production AWS account. The company has configured IAM roles for developers and has defined an AWS CodePipeline pipeline by using the AWS Cloud Development Kit (AWS CDK).
A DevOps engineer must implement a solution to ensure that only developers can access the latest versions of the libraries. The solution must test shared packages independently before the shared packages are consumed by other applications and before they go to production.
Which solution will meet these requirements?
Answer options
- A. Create a single AWS CodeArtifact repository for development and production in a central account. Use IAM policies for the developer roles to allow only developers to access the shared libraries. Create an Amazon EventBridge role to start an AWS CodeBuild project and to test each package before the package is copied to the production repository.
- B. Create an AWS CodeArtifact repository in the development account. Create another CodeArtifact repository in the production account. For the development repository, add a repository policy that allows only developers to access the shared libraries. Create an Amazon EventBridge rule to start the CodePipeline pipeline and to test each package before the package is copied to the production repository.
- C. Create a single Amazon S3 bucket with versioning enabled for development and production in a central account. Use IAM policies for the developer roles to allow only the developers to access the shared libraries. Create an Amazon EventBridge rule to start an AWS CodeBuild project and to test each package before the package is copied to production.
- D. Create an Amazon S3 bucket with versioning enabled in the development account. Create another S3 bucket with versioning enabled in the production account. For the development S3 bucket, add a bucket policy that allows only developers to access the shared libraries. Create an Amazon EventBridge role to start the CodePipeline pipeline. Configure the role to test each package when the package is copied to production and to revert the changes if the tests fail.
Correct answer: B
Explanation
AWS CodeArtifact is the AWS-native service designed specifically for secure, scalable package management and sharing of libraries. Creating separate development and production repositories gives clean environment segregation, and a repository policy on the development repository ensures that only developers can access the development packages. An Amazon EventBridge rule that starts the AWS CodePipeline pipeline automates the workflow, so packages are fully tested in the pipeline before they are copied to the production repository.
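A sketch of the two pieces of configuration that option B relies on, added here as an illustration (not part of the original question or of any AWS sample): a development repository policy that names only the developer role, and an EventBridge event pattern that starts the pipeline only when a version is published to the development repository. The account ID, role name, domain and repository names are assumed placeholders, and the sample events are constructed.

```python
import json

# Assumed placeholders (not from the question): account ID, role, domain, repo names.
DEVELOPER_ROLE_ARN = "arn:aws:iam::111111111111:role/DeveloperRole"
DOMAIN, DEV_REPO = "shared-libs", "dev-libs"

def dev_repository_policy(role_arn):
    """Repository policy for the development repository naming only the developer role.
    Other principals get access only if their own IAM policies grant it."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "DevelopersOnly",
            "Effect": "Allow",
            "Principal": {"AWS": role_arn},
            "Action": ["codeartifact:ReadFromRepository",
                       "codeartifact:DescribePackageVersion",
                       "codeartifact:ListPackageVersions",
                       "codeartifact:PublishPackageVersion"],
            "Resource": "*",
        }],
    }

def publish_event_pattern(domain, repo):
    """EventBridge rule pattern: fire only for versions published to the dev repo."""
    return {
        "source": ["aws.codeartifact"],
        "detail-type": ["CodeArtifact Package Version State Change"],
        "detail": {"domainName": [domain], "repositoryName": [repo],
                   "packageVersionState": ["Published"]},
    }

def matches(pattern, event):
    """Exact-value subset of EventBridge matching; nested dicts recurse."""
    for key, expected in pattern.items():
        if key not in event:
            return False
        if isinstance(expected, dict):
            if not (isinstance(event[key], dict) and matches(expected, event[key])):
                return False
        elif event[key] not in expected:
            return False
    return True

def sample_event(repo, state):
    """Constructed event shaped like a CodeArtifact package version notification."""
    detail = {"domainName": DOMAIN, "repositoryName": repo, "packageName": "demo-lib",
              "packageVersion": "1.2.0", "packageVersionState": state}
    return {"source": "aws.codeartifact",
            "detail-type": "CodeArtifact Package Version State Change", "detail": detail}

if __name__ == "__main__":
    print(json.dumps(dev_repository_policy(DEVELOPER_ROLE_ARN), indent=2))
    print(matches(publish_event_pattern(DOMAIN, DEV_REPO), sample_event(DEV_REPO, "Published")))
```

The rule carrying this pattern would have the CodePipeline pipeline as its target, so events from the production repository or for unfinished versions never start a test run.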