AWS Certified Solutions Architect – Professional — Question 290

A company is using AWS CloudFormation as its deployment tool for all application. It stages all application binaries and templates within Amazon S3 bucket with versioning enabled. Developers have access to an Amazon EC2 instance that hosts the integrated development (IDE). The Developers download the application binaries from Amazon S3 to the EC2 instance, make changes, and upload the binaries to an S3 bucket after running the unit tests locally. The developers want to improve the existing deployment mechanism and implement CI/CD using AWS CodePipeline.
The developers have the following requirements:
✑ Use AWS CodeCommit for source control.
✑ Automate unit testing and security scanning.
✑ Alert the Developers when unit tests fail.
✑ Turn application features on and off, and customize deployment dynamically as part of CI/CD.
✑ Have the lead Developer provide approval before deploying an application.
Which solution will meet these requirements?

Answer options

• A. Use AWS CodeBuild to run tests and security scans. Use an Amazon EventBridge rule to send Amazon SNS alerts to the Developers when unit tests fail. Write AWS Cloud Developer kit (AWS CDK) constructs for different solution features, and use a manifest file to turn features on and off in the AWS CDK application. Use a manual approval stage in the pipeline to allow the lead Developer to approve applications.
• B. Use AWS Lambda to run unit tests and security scans. Use Lambda in a subsequent stage in the pipeline to send Amazon SNS alerts to the developers when unit tests fail. Write AWS Amplify plugins for different solution features and utilize user prompts to turn features on and off. Use Amazon SES in the pipeline to allow the lead developer to approve applications.
• C. Use Jenkins to run unit tests and security scans. Use an Amazon EventBridge rule in the pipeline to send Amazon SES alerts to the developers when unit tests fail. Use AWS CloudFormation nested stacks for different solution features and parameters to turn features on and off. Use AWS Lambda in the pipeline to allow the lead developer to approve applications.
• D. Use AWS CodeDeploy to run unit tests and security scans. Use an Amazon CloudWatch alarm in the pipeline to send Amazon SNS alerts to the developers when unit tests fail. Use Docker images for different solution features and the AWS CLI to turn features on and off. Use a manual approval stage in the pipeline to allow the lead developer to approve applications.

Correct answer: A

Explanation

AWS CodeBuild is the ideal service for running automated unit tests and security scans in a CI/CD pipeline, and EventBridge can easily capture build failures to trigger SNS notifications. Using the AWS CDK allows developers to write constructs for different features and dynamically toggle them using a configuration manifest file. Finally, AWS CodePipeline natively supports a Manual approval action stage, which perfectly satisfies the requirement for the lead developer's sign-off before deployment.