
In an AWS environment, a company utilizes AWS CodeCommit for source code management. Developers work on feature branches and use pull requests to merge changes into the main branch for production readiness. The company wants to prevent developers from directly pushing changes to the main branch. Currently, the AWSCodeCommitPowerUser managed policy is attached to the developers' IAM roles, allowing them to push changes directly to the main branch across all repositories. What action should the company take to enforce this restriction?
A
Create an additional policy to include a Deny rule for the GitPush and PutFile actions. Include a restriction for the specific repositories in the policy statement with a condition that references the main branch.
B
Remove the IAM policy, and add an AWSCodeCommitReadOnly managed policy. Add an Allow rule for the GitPush and PutFile actions for the specific repositories in the policy statement with a condition that references the main branch.
C
Modify the IAM policy. Include a Deny rule for the GitPush and PutFile actions for the specific repositories in the policy statement with a condition that references the main branch.
D
Create an additional policy to include an Allow rule for the GitPush and PutFile actions. Include a restriction for the specific repositories in the policy statement with a condition that references the feature branches.