A Development team wants to deploy an application using AWS CloudFormation stacks, but the Developer IAM role does not currently have the required permissions to provision the resources specified in the CloudFormation template. A DevOps Engineer is tasked with allowing Developers to deploy the stacks while following the principal of least privilege. Which solution will meet these requirements?
A) Create an IAM policy that allows Developers to provision the required resources. Attach the policy to the Developer role.
B) Create an IAM policy that allows full access to CloudFormation. Attach the policy to the Developer role.
C) Create an AWS CloudFormation service role that has the required permissions. Grant the developer IAM role a cloudformation:* action. Use the new service role during stack deployments.
D) Create an AWS CloudFormation service role that has the required permissions. Grant the developer IAM role the iam:PassRole permission. Use the new service role during stack deployments.
Correct Answer:
Verified
Q339: Which of these is not a CloudFormation
Q340: What is the scope of an EBS
Q341: A development team manually builds an artifact
Q342: A company runs an application with an
Q343: A DevOps Engineer needs to back up
Q345: A retail company has adopted AWS OpsWorks
Q346: A DevOps Engineer is researching the least-expensive
Q347: You need to replicate API calls across
Q348: A law firm is running a web
Q349: A company is testing a web application
Unlock this Answer For Free Now!
View this answer and more for free by performing one of the following actions
Scan the QR code to install the App and get 2 free unlocks
Unlock quizzes for free by uploading documents