You have been instructed to use the CodePipeline service for the CI/CD automation in your company.
Due to security reasons, the resources that would be part of the deployment are placed in another account.
Which of the following steps need to be carried out to accomplish this deployment? Choose 2 answers from the options given below.
Click on the arrows to vote for the correct answer
A. B. C. D.Answer - A and C.
Option B is invalid since this would go against the security policy.
Option D is invalid since this is not a recommended security practice.
This is mentioned in the AWS Documentation.
You might want to create a pipeline that uses resources created or managed by another AWS account.
For example, you might want to use one account for your pipeline and another for your AWS CodeDeploy resources.
To do so, you must create an AWS Key Management Service (AWS KMS) key to use, add the key to the pipeline, and set up account policies and roles to enable cross-account access.
For more information on pipelines used to access resources in another account, please refer to the below URL-
https://docs.aws.amazon.com/codepipeline/latest/userguide/pipelines-create-cross-account.htmlIn this scenario, you are required to set up a CodePipeline service for CI/CD automation, and the resources that are part of the deployment are located in another account for security reasons. To achieve this, you need to perform the following two steps:
Define an AWS key in KMS. Create and attach policies that will enable the cross-account access You need to define an AWS key in KMS (Key Management Service) to enable secure access to the resources in the other account. KMS is a managed service that helps create and control the encryption keys used to secure your data. With KMS, you can create and manage keys and define policies that control access to those keys. Once the key is defined, you need to create policies that enable cross-account access to the resources. These policies will define who can access the resources and what actions they can perform on them.
Add a cross-account role You need to create a cross-account role that will enable access to the resources in the other account. A cross-account role is an IAM (Identity and Access Management) role that you can create in one AWS account and use to access resources in another AWS account. This role will allow CodePipeline to access the necessary resources in the other account during the deployment process.
Option B (Create a reference CodePipeline instance in the other account) is incorrect because you don't need to create a reference CodePipeline instance in the other account. Option D (Embed the access keys in the CodePipeline process) is also incorrect because embedding access keys in the CodePipeline process is not a secure way to manage access to resources in another account.