Answer-first summary for fast verification
Answer: Specify a KMS key to use
Overall explanation Correct option: Specify a KMS key to use AWS Key Management Service (KMS) makes it easy for you to create and manage cryptographic keys and control their use across a wide range of AWS services and in your applications. For AWS CodeBuild to encrypt its build output artifacts, it needs access to an AWS KMS customer master key (CMK). By default, AWS CodeBuild uses the AWS-managed CMK for Amazon S3 in your AWS account. The following environment variable provides these details: CODEBUILD_KMS_KEY_ID: The identifier of the AWS KMS key that CodeBuild is using to encrypt the build output artifact (for example, arn:aws:kms:region-ID:account-ID:key/key-ID or alias/key-alias). Incorrect options: Use an AWS Lambda Hook - Code hook is used for integration with Lambda and is not relevant for the given use-case. Use the AWS Encryption SDK - The SDK just makes it easier for you to implement encryption best practices in your application and is not relevant for the given use-case. Use In-Flight encryption (SSL) - SSL is usually for internet traffic which in this case will be using internal traffic through AWS and is not relevant for the given use-case.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
In a recent project assignment, you are required to utilize the AWS Command Line Interface (CLI) to construct a project using AWS CodeBuild. Your project’s root directory already contains a buildspec.yml file, which is essential for executing build commands. Additionally, the project demands that the build artifacts produced must be automatically encrypted upon completion.
How can you configure AWS CodeBuild to ensure this automatic encryption of build artifacts?
A
Specify a KMS key to use
B
Use an AWS Lambda Hook
C
Use the AWS Encryption SDK
D
Use In Flight encryption (SSL)
No comments yet.