AWS Certified DevOps Engineer – Professional — Question 190
A company is using AWS CodePipeline to deploy an application. According to a new guideline, a member of the company's security team must sign off on any application changes before the changes are deployed into production. The approval must be recorded and retained.
Which combination of actions will meet these requirements? (Choose two.)
Answer options
- A. Configure CodePipeline to write actions to Amazon CloudWatch Logs.
- B. Configure CodePipeline to write actions to an Amazon S3 bucket at the end of each pipeline stage.
- C. Create an AWS CloudTrail trail to deliver logs to Amazon S3.
- D. Create a CodePipeline custom action to invoke an AWS Lambda function for approval. Create a policy that gives the security team access to manage CodePipeline custom actions.
- E. Create a CodePipeline manual approval action before the deployment step. Create a policy that grants the security team access to approve manual approval stages.
Correct answer: C, E
Explanation
Options C and E together ensure that the security team's approval is enforced, documented, and retained. An AWS CloudTrail trail that delivers logs to Amazon S3 logs and stores actions, which satisfies the retention requirement, while the CodePipeline manual approval action placed before the deployment step enforces the required sign-off. Options A and B do not fulfill the requirement for documented approval, and option D does not specifically address the need for documented approval steps.