AWS Certified DevOps Engineer - Professional
Get started today
Ultimate access to all questions.
Comments
Loading comments...
Ultimate access to all questions.
A development team is tasked with deploying an application using AWS CloudFormation stacks. However, the developer IAM role currently does not possess the necessary permissions to provision all the resources defined in the AWS CloudFormation template. A DevOps engineer is required to devise a solution that enables the developers to deploy these stacks without exceeding the principle of least privilege. What is the most appropriate solution for this scenario?
A
Create an IAM policy that allows the developers to provision the required resources. Attach the policy to the developer IAM role.
B
Create an IAM policy that allows full access to AWS CloudFormation. Attach the policy to the developer IAM role.
C
Create an AWS CloudFormation service role that has the required permissions. Grant the developer IAM role a cloudformation:* action. Use the new service role during stack deployments.*
D
Create an AWS CloudFormation service role that has the required permissions. Grant the developer IAM role the iam:PassRole permission. Use the new service role during stack deployments.