AWS Certified DevOps Engineer – Professional — Question 61

A DevOps engineer has automated a web service deployment by using AWS CodePipeline with the following steps:
1. An AWS CodeBuild project compiles the deployment artifact and runs unit tests.
2. An AWS CodeDeploy deployment group deploys the web service to Amazon EC2 instances in the staging environment.
3. A CodeDeploy deployment group deploys the web service to EC2 instances in the production environment.
The quality assurance (QA) team requests permission to inspect the build artifact before the deployment to the production environment occurs. The QA team wants to run an internal penetration testing tool to conduct manual tests. The tool will be invoked by a REST API call.
Which combination of actions should the DevOps engineer take to fulfill this request? (Choose two.)

Answer options

• A. Insert a manual approval action between the test actions and deployment actions of the pipeline.
• B. Modify the buildspec.yml file for the compilation stage to require manual approval before completion.
• C. Update the CodeDeploy deployment groups so that they require manual approval to proceed.
• D. Update the pipeline to directly call the REST API for the penetration testing tool.
• E. Update the pipeline to invoke a Lambda function that calls the REST API for the penetration testing tool.

Correct answer: A, E

Explanation

The correct answer includes A and E. Option A is valid because it introduces a manual approval step, allowing the QA team to inspect the build artifact before deployment. Option E is also correct as it enables the pipeline to invoke a Lambda function that calls the REST API for the penetration testing tool, facilitating automated testing. The other options do not effectively address the QA team's request or are not suitable for this scenario.