AWS Certified DevOps Engineer - Professional

Get started today

Ultimate access to all questions.

Quick Answer

Answer-first summary for fast verification

Answer: Create an additional policy to include a Deny rule for the GitPush and PutFile actions. Include a restriction for the specific repositories in the policy statement with a condition that references the main branch.

The correct answer is A. The company needs to create an additional policy that explicitly denies the GitPush and PutFile actions when developers try to push to the main branch. This policy should include a condition that specifies the main branch, ensuring these actions are restricted only for this branch. Since AWSCodeCommitPowerUser is an AWS-managed policy, it cannot be modified directly, but you can create and attach additional policies to enforce this restriction.

Author: LeetQuiz Editorial Team

Quick Answer

Answer-first summary for fast verification

Author: LeetQuiz Editorial Team

Comments (0)

No comments yet.

In an AWS environment, a company utilizes AWS CodeCommit for source code management. Developers work on feature branches and use pull requests to merge changes into the main branch for production readiness. The company wants to prevent developers from directly pushing changes to the main branch. Currently, the AWSCodeCommitPowerUser managed policy is attached to the developers' IAM roles, allowing them to push changes directly to the main branch across all repositories. What action should the company take to enforce this restriction?

Exam-Like

Last updated: February 16, 2026 at 14:03

Create an additional policy to include a Deny rule for the GitPush and PutFile actions. Include a restriction for the specific repositories in the policy statement with a condition that references the main branch.

60.0%

Remove the IAM policy, and add an AWSCodeCommitReadOnly managed policy. Add an Allow rule for the GitPush and PutFile actions for the specific repositories in the policy statement with a condition that references the main branch.

0.0%

Modify the IAM policy. Include a Deny rule for the GitPush and PutFile actions for the specific repositories in the policy statement with a condition that references the main branch.

40.0%

Create an additional policy to include an Allow rule for the GitPush and PutFile actions. Include a restriction for the specific repositories in the policy statement with a condition that references the feature branches.