In an AWS environment, a company utilizes AWS CodeCommit for source code management. Developers work on feature branches and use pull requests to merge changes into the main branch for production readiness. The company wants to prevent developers from directly pushing changes to the main branch. Currently, the AWSCodeCommitPowerUser managed policy is attached to the developers' IAM roles, allowing them to push changes directly to the main branch across all repositories. What action should the company take to enforce this restriction?
Explanation:
The correct answer is A. The company needs to create an additional policy that explicitly denies the GitPush and PutFile actions when developers try to push to the main branch. This policy should include a condition that specifies the main branch, ensuring these actions are restricted only for this branch. Since AWSCodeCommitPowerUser is an AWS-managed policy, it cannot be modified directly, but you can create and attach additional policies to enforce this restriction.
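The additional policy described above could look like the following. This is an added example, not part of the original question or of any AWS-managed policy. It assumes the protected branch is named `main` and covers every repository through a wildcard ARN; the `Sid` is a made-up label.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "DenyDirectChangesToMain",
      "Effect": "Deny",
      "Action": [
        "codecommit:GitPush",
        "codecommit:PutFile"
      ],
      "Resource": "arn:aws:codecommit:*:*:*",
      "Condition": {
        "StringEqualsIfExists": {
          "codecommit:References": [
            "refs/heads/main"
          ]
        },
        "Null": {
          "codecommit:References": "false"
        }
      }
    }
  ]
}
```

Attached alongside AWSCodeCommitPowerUser, the explicit `Deny` takes precedence over the managed policy's `Allow` for these two actions on `refs/heads/main`, while pushes to feature branches stay permitted. The `Null` condition limits the deny to requests that actually carry a branch reference, so Git client calls that send no reference are not blocked.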