
A company utilizes infrastructure as code (IaC) to manage its AWS infrastructure, employing AWS CloudFormation templates for deployment. They have an established CI/CD pipeline for this purpose. Following a security audit, the company aims to enhance its AWS security posture by implementing a policy-as-code approach. This approach must prevent the deployment of infrastructure that violates security policies, such as unencrypted Amazon Elastic Block Store (Amazon EBS) volumes. Which solution should the company adopt to meet these security requirements?
A. Turn on AWS Trusted Advisor. Configure security notifications as webhooks in the preferences section of the CI/CD pipeline.
B. Turn on AWS Config. Use the prebuilt rules or customized rules. Subscribe the CI/CD pipeline to an Amazon Simple Notification Service (Amazon SNS) topic that receives notifications from AWS Config.
C. Create rule sets in AWS CloudFormation Guard. Run validation checks for CloudFormation templates as a phase of the CI/CD process.
D. Create rule sets as SCPs. Integrate the SCPs as a part of validation control in a phase of the CI/CD process.