Ask a Question

You have been instructed to use the CodePipeline service for the CI/CD automation in your company. Due to security reasons, the resources that would be part of the deployment are placed in another account.

  • Home
  • AWS
  • You have been instructed to use the CodePipeline service for the CI/CD automation in your company....
0 votes
in AWS by

You have been instructed to use the CodePipeline service for the CI/CD automation in your company. Due to security reasons, the resources that would be part of the deployment are placed in another account.

Which of the following steps need to be carried out to accomplish this deployment? Choose 2 answers from the options given below.

1 Answer

0 votes
by

Answer - A and C.

Option B is invalid since this would go against the security policy.

Option D is invalid since this is not a recommended security practice.

This is mentioned in the AWS Documentation.

You might want to create a pipeline that uses resources created or managed by another AWS account.

For example, you might want to use one account for your pipeline and another for your AWS CodeDeploy resources.

To do so, you must create an AWS Key Management Service (AWS KMS) key to use, add the key to the pipeline, and set up account policies and roles to enable cross-account access.

For more information on pipelines used to access resources in another account, please refer to the below URL-

https://docs.aws.amazon.com/codepipeline/latest/userguide/pipelines-create-cross-account.html

In this scenario, you are required to set up a CodePipeline service for CI/CD automation, and the resources that are part of the deployment are located in another account for security reasons. To achieve this, you need to perform the following two steps:

  1. Define an AWS key in KMS. Create and attach policies that will enable the cross-account access You need to define an AWS key in KMS (Key Management Service) to enable secure access to the resources in the other account. KMS is a managed service that helps create and control the encryption keys used to secure your data. With KMS, you can create and manage keys and define policies that control access to those keys. Once the key is defined, you need to create policies that enable cross-account access to the resources. These policies will define who can access the resources and what actions they can perform on them.

  2. Add a cross-account role You need to create a cross-account role that will enable access to the resources in the other account. A cross-account role is an IAM (Identity and Access Management) role that you can create in one AWS account and use to access resources in another AWS account. This role will allow CodePipeline to access the necessary resources in the other account during the deployment process.

Option B (Create a reference CodePipeline instance in the other account) is incorrect because you don't need to create a reference CodePipeline instance in the other account. Option D (Embed the access keys in the CodePipeline process) is also incorrect because embedding access keys in the CodePipeline process is not a secure way to manage access to resources in another account.

Top Trending Technologies Questions and Answers

Agile Questions & Answers
Javascript Questions & Answers
Ansible Questions & Answers
Bootstrap Questions & Answers
Angular Questions & Answers
Android Questions & Answers
Linux Questions & Answers
Kibana Questions & Answers
Dataware Questions & Answers
Gradle Questions & Answers
Bitcoin Questions & Answers
Cassandra Questions & Answers
ABBYY-FlexiCapture Questions
Statistics & Probability Questions
Amazon Database Questions & Answers
Amazon Elastic Questions & Answers
Amazon Neptune Questions & Answers
Amazon Storage Questions & Answers
Amazon S3 Glacier Questions & Answers
5G-Network Questions & Answers
AWS Questions & Answers
C# Questions & Answers
C++ Interview Questions & Answers
REACTJS Questions & Answers
AJAX Questions & Answers
Data Handling Questions & Answers
Hadoop Questions & Answers
Big Data Questions & Answers
HTML Questions & Answers
JAVA Questions & Answers
JavaScript Questions & Answers
Apache Druid Questions & Answers
Apache Phoenix Questions & Answers
Apache Pig Questions & Answers
Apache Storm Questions & Answers
AWS Codecommit Questions & Answers
AWS Essentials Questions & Answers
Cache Techniques Questions & Answers
JIRA Questions & Answers
Azure Questions & Answers
Blockchain Questions & Answers
GIT Questions & Answers
DOT NET Questions & Answers
Machine Learning Questions & Answers
MVC Language Questions & Answers
NOSQL Questions & Answers
Python Questions & Answers
R Language Questions & Answers
Framework Questions & Answers
IONIC Questions & Answers
Cyber Security Questions & Answers
Data Mining Methods Questions & Answers
Devops Security Questions & Answers
End Point Security Questions & Answers
Fortify Code Scanner Questions & Answers
Growth & Transformation Questions
Keycloak Questions & Answers
Cloud Questions & Answers
Salesforce Questions & Answers
Selenium Questions & Answers
Spark SQL Questions & Answers
VUE JS Questions & Answers
Devops Questions & Answers
Jenkins Questions & Answers
Artificial Intelligence Questions & Answers
Continuous Integration Questions & Answers
GIT Questions & Answers
Continuous Deployment Questions & Answers
Cyber Security Questions & Answers
Memcached Questions & Answers
Sequence Models Questions & Answers
Tableau Questions & Answers
Typography Questions & Answers
Usability Principles Questions & Answers
Image processing Questions
Generative AI Interview Questions
About us

HOT LINKS

NO SQL/MangoDB

Data Visualisation Aurora

DevOps

Javascript

Hadoop and Big Data

JAVA

TRANDING TECHNOLOGIES

Agile and SAFE

DevOps

Spark SQL

Git

Service Now

Arduino

CONTACT US

New York, NY 10012, US

info@madanswer.com

Copyright

Contact US

About US

Follow us on Social Media


© Copyright 2018-2024 www.madanswer.com. All rights reserved. Developed by Madanswer. Sitemap Madanswer Sitemap

...