AWS CodeDeploy and AWS Systems Manager Parameter Store: Automating Application Deployment | Exam DVA-C01

Automating Application Deployment with AWS CodeDeploy and AWS Systems Manager Parameter Store


Question

You are using the AWS CodeDeploy service to deploy an application onto AWS.

The application uses secure parameters which are stored in the AWS Systems Manager Parameter Store.

Which of the following must be done so that the deployment can be automated via CodeDeploy? Choose 2 answers from the options given below.

Answers

Explanations


A. B. C. D.

Answer - A and D.

You need to specify the --with-decryption option.

This allows the CodeDeploy service to decrypt the password so that it can be used in the application.

Also, use IAM Roles to ensure the CodeDeploy service can access the KMS service.

Option B is incorrect since you need to specify the --with-decryption option.

Option C is incorrect since this is not a secure way to access AWS services.

For an example of this, refer to the following URL:

https://aws.amazon.com/blogs/mt/use-parameter-store-to-securely-access-secrets-and-config-data-in-aws-codedeploy/

To automate deployment using AWS CodeDeploy with secure parameters, the following two steps must be taken:

A. Use the aws ssm get-parameters command with the --with-decryption option: The application's secure parameters are stored in the AWS Systems Manager Parameter Store. They may contain sensitive information such as database passwords or API keys, which should not be disclosed to unauthorized users. To retrieve them during deployment, run the aws ssm get-parameters command with the --with-decryption option, which returns the parameter values decrypted so that the deployment process can use them.

D. Give permissions to the AWS CodeDeploy service via an IAM Role: To allow the AWS CodeDeploy service to access the AWS Systems Manager Parameter Store, permissions must be granted via an IAM Role. The IAM Role should be created with the permissions needed to access the Parameter Store and retrieve the secure parameters used in the deployment. The role should also have permissions to access any other AWS resources needed during the deployment process, such as EC2 instances or S3 buckets.

Therefore, the correct answers to this question are A and D. Option A specifies how to retrieve the secure parameters during deployment, and option D describes how to give permissions to the AWS CodeDeploy service to access the Parameter Store.
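The retrieval step described above, written as a helper for a CodeDeploy lifecycle hook script. This is an added example, not code from the original page or from AWS; the parameter names under /myapp/prod/ and the output path /opt/myapp/app.env are hypothetical.

```sh
#!/bin/sh
# Added example: helper for a CodeDeploy lifecycle hook script.
# Hypothetical names: the /myapp/prod/* parameters and /opt/myapp/app.env.

# Print one "Name<TAB>Value" line per parameter. --with-decryption makes
# Parameter Store return SecureString values in plaintext; the IAM role in
# use must be allowed to read the parameters and use their KMS key.
fetch_params() {
    aws ssm get-parameters --names "$@" --with-decryption \
        --query 'Parameters[*].[Name,Value]' --output text
}

# write_env_file OUT NAME...: write KEY=value lines to OUT (mode 600).
# Assumes parameter values contain no newlines.
write_env_file() {
    out=$1; shift
    tmp=$(mktemp "$out.XXXXXX") || return 1    # mktemp creates it mode 600
    raw=$(fetch_params "$@") || { rm -f "$tmp"; return 1; }
    tab=$(printf '\t')
    count=0
    while IFS=$tab read -r name value; do
        [ -n "$name" ] || continue
        # /myapp/prod/api-key -> API_KEY
        key=$(basename "$name" | tr 'a-z-' 'A-Z_')
        printf '%s=%s\n' "$key" "$value" >> "$tmp"
        count=$((count + 1))
    done <<EOF
$raw
EOF
    # get-parameters exits 0 even when some names do not exist (it lists
    # them under InvalidParameters), so compare counts. Log no values.
    if [ "$count" -ne "$#" ]; then
        rm -f "$tmp"
        echo "expected $# parameters, got $count" >&2
        return 1
    fi
    mv "$tmp" "$out"
}

# In the hook script:
# write_env_file /opt/myapp/app.env /myapp/prod/db_password /myapp/prod/api-key
```

The file is written through a temporary file and only moved into place once every requested parameter has been returned, so a missing parameter fails the hook instead of leaving the application with a partial configuration.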