A DevOps engineer is building a centralized CI/CD pipeline using AWS CodeBuild, AWS CodeDeploy, and Amazon S3. The engineer is required to have least privilege access and individual encryption at rest for all artifacts in Amazon S3. The engineer must be able to prune old artifacts without the ability to download or read them. The engineer has already completed the following steps: Created a unique AWS Key Management Service (AWS KMS) CMK and S3 bucket for each project's builds. Updated the S3 bucket policy to only allow uploads that use the associated KMS encryption. Which final step should be taken to meet these requirements?
A) Update the attached IAM policies to allow access to the appropriate KMS key from the CodeDeploy role where the application will be deployed.
B) Update the attached IAM policies to allow access to the appropriate KMS key from the EC2 instance roles where the application will be deployed.
C) Update the CMK's key policy to allow access to the appropriate KMS key from the CodeDeploy role where the application will be deployed.
D) Update the CMK's key policy to allow access to the appropriate KMS key from the EC2 instance roles where the application will be deployed.
Correct Answer:
Verified
Q369: An application running on a set of
Q370: A company is using AWS CodePipeline to
Q371: A developer has written an application that
Q372: A company requires that its internally facing
Q373: You need to implement A/B deployments for
Q375: You are using Elastic Beanstalk to manage
Q376: A company has an application that is
Q377: A DevOps engineer has been tasked with
Q378: A DevOps engineer is tasked with creating
Q379: A DevOps engineer is deploying an AWS
Unlock this Answer For Free Now!
View this answer and more for free by performing one of the following actions
Scan the QR code to install the App and get 2 free unlocks
Unlock quizzes for free by uploading documents