A development team is tasked with deploying an application using AWS CloudFormation stacks. However, the developer IAM role currently does not possess the necessary permissions to provision all the resources defined in the AWS CloudFormation template. A DevOps engineer is required to devise a solution that enables the developers to deploy these stacks while still adhering to the principle of least privilege. What is the most appropriate solution for this scenario?
Explanation:
The correct answer is D. Option D creates a dedicated AWS CloudFormation service role that holds the permissions needed to provision the resources in the template, and grants the developer IAM role only the iam:PassRole permission for that service role. Developers can then pass the service role to AWS CloudFormation when they deploy a stack, so the broad resource permissions live on the service role rather than on the developers themselves. The developer role stays narrowly scoped, which is exactly what the principle of least privilege requires.
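The two policy documents that realise option D, written out as an added example (this is not code from the original question or its explanation). It builds the trust policy for the CloudFormation service role and the developer identity policy whose iam:PassRole grant is restricted to that one role, and includes a small checker that flags the common least-privilege mistake of allowing iam:PassRole on a wildcard Resource or without an iam:PassedToService condition. The account ID and role name are placeholders; the stack actions granted are an assumption about what the developers need.

```python
"""
Added example: IAM policy documents for a scoped CloudFormation service
role and a developer role that may only pass that role to CloudFormation.
Account id and role names are placeholders, not values from the page.
"""
import json

# Placeholder values; substitute your own account and role names.
ACCOUNT_ID = "111122223333"
SERVICE_ROLE_NAME = "CfnDeployServiceRole"
SERVICE_ROLE_ARN = f"arn:aws:iam::{ACCOUNT_ID}:role/{SERVICE_ROLE_NAME}"


def service_role_trust_policy() -> dict:
    """Trust policy for the service role: only the CloudFormation service
    principal may assume it, and only for stacks in this account
    (aws:SourceAccount guards against a cross-account confused deputy)."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"Service": "cloudformation.amazonaws.com"},
            "Action": "sts:AssumeRole",
            "Condition": {"StringEquals": {"aws:SourceAccount": ACCOUNT_ID}},
        }],
    }


def developer_passrole_policy(service_role_arn: str) -> dict:
    """Identity policy for the developer role: stack operations plus
    iam:PassRole limited to one role ARN and to the CloudFormation service.
    The stack actions listed are an assumed minimum for deploying stacks."""
    return {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "StackOperations",
                "Effect": "Allow",
                "Action": [
                    "cloudformation:CreateStack",
                    "cloudformation:UpdateStack",
                    "cloudformation:DeleteStack",
                    "cloudformation:DescribeStacks",
                    "cloudformation:DescribeStackEvents",
                ],
                # Could be narrowed further to specific stack ARNs.
                "Resource": "*",
            },
            {
                "Sid": "PassOnlyTheCfnServiceRole",
                "Effect": "Allow",
                "Action": "iam:PassRole",
                "Resource": service_role_arn,
                "Condition": {
                    "StringEquals": {
                        "iam:PassedToService": "cloudformation.amazonaws.com"
                    }
                },
            },
        ],
    }


def passrole_findings(policy: dict) -> list:
    """Return least-privilege findings for Allow statements covering
    iam:PassRole: a wildcard Resource or a missing iam:PassedToService
    condition would let the principal hand arbitrary roles to any service."""
    findings = []
    for stmt in policy.get("Statement", []):
        if stmt.get("Effect") != "Allow":
            continue
        actions = stmt.get("Action", [])
        if isinstance(actions, str):
            actions = [actions]
        if not any(a in ("iam:PassRole", "iam:*", "*") for a in actions):
            continue
        resources = stmt.get("Resource", [])
        if isinstance(resources, str):
            resources = [resources]
        sid = stmt.get("Sid", "<no Sid>")
        if any(r == "*" or r.endswith("role/*") for r in resources):
            findings.append(f"{sid}: iam:PassRole allowed on wildcard Resource")
        cond = stmt.get("Condition", {}).get("StringEquals", {})
        if "iam:PassedToService" not in cond:
            findings.append(f"{sid}: iam:PassRole lacks iam:PassedToService condition")
    return findings


if __name__ == "__main__":
    dev_policy = developer_passrole_policy(SERVICE_ROLE_ARN)
    print(json.dumps(service_role_trust_policy(), indent=2))
    print(json.dumps(dev_policy, indent=2))
    print("scoped policy findings:", passrole_findings(dev_policy))
    # A constructed over-broad grant, to show what the checker flags.
    broad = {"Version": "2012-10-17", "Statement": [
        {"Sid": "TooBroad", "Effect": "Allow",
         "Action": "iam:PassRole", "Resource": "*"}]}
    print("broad policy findings:", passrole_findings(broad))
```

The service role itself gets whatever resource permissions the template needs (attached separately, not shown here); the developer role never receives them. Running the checker against the developer policy yields no findings, while the constructed `TooBroad` statement is flagged twice, once for the wildcard resource and once for the missing service condition.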