Exam AWS DevOps Engineer Professional topic 1 question 132 discussion

Exam question from Amazon's AWS DevOps Engineer Professional
Question #: 132
Topic #: 1

A development team wants to use AWS CloudFormation stacks to deploy an application. However, the developer IAM role does not have the required permissions to provision the resources that are specified in the AWS CloudFormation template. A DevOps engineer needs to implement a solution that allows the developers to deploy the stacks. The solution must follow the principle of least privilege.

Which solution will meet these requirements?

  • A. Create an IAM policy that allows the developers to provision the required resources. Attach the policy to the developer IAM role.
  • B. Create an IAM policy that allows full access to AWS CloudFormation. Attach the policy to the developer IAM role.
  • C. Create an AWS CloudFormation service role that has the required permissions. Grant the developer IAM role a cloudformation:* action. Use the new service role during stack deployments.
  • D. Create an AWS CloudFormation service role that has the required permissions. Grant the developer IAM role the iam:PassRole permission. Use the new service role during stack deployments.
Suggested Answer: D

Comments

easytoo
2 years ago
D-D-D-D-D-D-D-
upvoted 1 times
...
Piccaso
2 years, 2 months ago
Selected Answer: D
A does not follow the least privilege principle because the developers will have access to provision the resources without using CloudFormation. B, full access gives too much access. C, cloudformation:*.action gives too much access.
upvoted 1 times
...
Bulti
2 years, 3 months ago
Selected Answer: D
D is correct. As an IAM user you need to have the IAM policy that allows you to pass the service role you are assigning to CloudFormation to execute the template to create/update the stack.
upvoted 2 times
...
saggy4
2 years, 4 months ago
Selected Answer: D
D is the correct option https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-iam-servicerole.html
upvoted 4 times
...
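
Option D written out as a template, added here as an example and not part of the original question or comments: a CloudFormation service role plus a developer policy whose iam:PassRole is limited to that one role and to the CloudFormation service. The `DeveloperRoleName` parameter, the S3 actions, and the stack-action statement are assumptions for illustration.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Parameters:
  DeveloperRoleName:            # assumption: name of the existing developer IAM role
    Type: String
Resources:
  StackServiceRole:             # the role CloudFormation assumes to provision resources
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Principal: {Service: cloudformation.amazonaws.com}
            Action: sts:AssumeRole
      Policies:
        - PolicyName: ProvisionAppResources
          PolicyDocument:
            Version: "2012-10-17"
            Statement:
              # assumption: the application template only manages S3 buckets;
              # list exactly the actions your own template needs
              - Effect: Allow
                Action: ["s3:CreateBucket", "s3:DeleteBucket"]
                Resource: "*"
  DeveloperDeployPolicy:        # attached to the developers, grants no resource permissions
    Type: AWS::IAM::ManagedPolicy
    Properties:
      Roles: [!Ref DeveloperRoleName]
      PolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Sid: PassOnlyTheServiceRole
            Effect: Allow
            Action: iam:PassRole
            Resource: !GetAtt StackServiceRole.Arn
            Condition:
              StringEquals:
                iam:PassedToService: cloudformation.amazonaws.com
          # assumption: developers also need the stack actions themselves; the
          # condition rejects any call that does not name the service role
          - Sid: DeployOnlyWithTheServiceRole
            Effect: Allow
            Action: ["cloudformation:CreateStack", "cloudformation:UpdateStack", "cloudformation:DeleteStack"]
            Resource: "*"
            Condition:
              StringEquals:
                cloudformation:RoleArn: !GetAtt StackServiceRole.Arn
```

Developers then supply the service role's ARN through `--role-arn` on `aws cloudformation create-stack`; they hold no permission to create the S3 resources directly.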