A Development team creates a build project in AWS CodeBuild. The build project invokes automated tests of modules that access AWS services. Which of the following will enable the tests to run the MOST securely?
A) Generate credentials for an IAM user with a policy attached to allow the actions on AWS services. Store credentials as encrypted environment variables for the build project. As part of the build script, obtain the credentials to run the integration tests.
B) Have CodeBuild run only the integration tests as a build job on a Jenkins server. Create a role that has a policy attached to allow the actions on AWS services. Generate credentials for an IAM user that is allowed to assume the role. Configure the credentials as secrets in Jenkins, and allow the build job to use them to run the integration tests.
C) Create a service role in IAM to be assumed by CodeBuild with a policy attached to allow the actions on AWS services. Configure the build project to use the role created.
D) Use AWS managed credentials. Encrypt the credentials with AWS KMS. As part of the build script, decrypt with AWS KMS and use these credentials to run the integration tests.
Correct Answer:
Verified
Q67: A company runs an application on Amazon
Q68: A company's web application will be migrated
Q69: A company has a website in an
Q70: A company is using AWS CodeBuild, AWS
Q71: A DevOps team needs to query information
Q73: A DevOps Engineer encountered the following error
Q74: A DevOps Engineer is building a multi-stage
Q75: A company is beginning to move to
Q76: A DevOps Engineer uses Docker container technology
Q77: A company hosts parts of a Python-based
Unlock this Answer For Free Now!
View this answer and more for free by performing one of the following actions
Scan the QR code to install the App and get 2 free unlocks
Unlock quizzes for free by uploading documents