Implementing Infrastructure as Code Best Practices | AWS Certified DevOps Engineer Exam

Best Practices for Infrastructure as Code Implementation


Question

In order to be compliant with corporate regulatory requirements, any changes to the AWS resource configurations need to be traced and documented.

Which of the following actions belong to the best practices for the implementation of Infrastructure as Code? (Select TWO.)

Answers

Explanations


A. B. C. D. E.

Correct Answer - B, E.

Refer to https://d1.awsstatic.com/whitepapers/DevOps/infrastructure-as-code.pdf for how to implement Infrastructure as Code in AWS.

Option A is incorrect because a script or a template is needed to record the AWS CLI commands so that the changes to the VPC configurations are saved as code.

Option B is CORRECT because CloudFormation is a best practice for resource provisioning.

The same template can be used to create the same set of resources when needed repeatedly.

Option C is incorrect because it does not mention how to create the VPC peering.

If it is done directly in the AWS console, it is not compliant with the regulatory requirements.

Option D is incorrect because the activation of versioning in S3 should be done via tools such as CloudFormation so that this operation is recorded in code.

Option E is CORRECT because the JSON command document contains parameters and actions for Systems Manager.

This customized document can be reused and version controlled in Git.
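The explanation for Option D says S3 versioning should be declared in a CloudFormation template rather than toggled in the console. The following is an added example, not part of the original page: a pre-merge check that flags S3 buckets in a JSON template whose versioning is not declared as enabled. The template, its logical IDs and the function name `unversioned_buckets` are constructed for illustration.

```python
import json

# Constructed sample template (not from the page): one bucket declares
# versioning in code, one omits it, one explicitly suspends it.
SAMPLE_TEMPLATE = json.loads("""
{
  "AWSTemplateFormatVersion": "2010-09-09",
  "Resources": {
    "AuditLogs": {
      "Type": "AWS::S3::Bucket",
      "Properties": {"VersioningConfiguration": {"Status": "Enabled"}}
    },
    "Scratch": {"Type": "AWS::S3::Bucket"},
    "Archive": {
      "Type": "AWS::S3::Bucket",
      "Properties": {"VersioningConfiguration": {"Status": "Suspended"}}
    },
    "Vpc": {
      "Type": "AWS::EC2::VPC",
      "Properties": {"CidrBlock": "10.0.0.0/16"}
    }
  }
}
""")


def unversioned_buckets(template):
    """Return sorted logical IDs of S3 buckets whose versioning is not Enabled."""
    findings = []
    for logical_id, resource in template.get("Resources", {}).items():
        if resource.get("Type") != "AWS::S3::Bucket":
            continue
        props = resource.get("Properties") or {}
        versioning = props.get("VersioningConfiguration") or {}
        # Status may be an intrinsic function (e.g. a Ref to a parameter);
        # anything other than the literal "Enabled" is reported for review.
        if not isinstance(versioning, dict) or versioning.get("Status") != "Enabled":
            findings.append(logical_id)
    return sorted(findings)


if __name__ == "__main__":
    for name in unversioned_buckets(SAMPLE_TEMPLATE):
        print(f"S3 bucket {name}: versioning not enabled in template")
```

Run against every template change in the Git repository, a check like this keeps the versioning setting traceable in code review instead of relying on console state.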

Option B and Option D are the best practices for implementing Infrastructure as Code while complying with regulatory requirements:

B. For disaster recovery purposes, a CloudFormation template is used to build a replica of a production environment in another AWS region.

CloudFormation is an AWS service that helps to model and provision AWS resources using templates. Using CloudFormation, you can create a replica of your production environment in another AWS region. This helps you to comply with corporate regulatory requirements and also ensures that you have a disaster recovery plan in place.

Since you are using a CloudFormation template to create this environment, you can document and version control the template using code repository services such as Git. This helps you to track and trace any changes made to the template over time.

D. In the AWS console, activate the versioning for S3 buckets so that every object stored in the S3 buckets is version controlled.

Amazon S3 is a cloud-based storage service provided by AWS. S3 buckets can be used to store files and objects such as documents, images, and videos. In order to comply with regulatory requirements and document any changes made to the objects stored in the S3 buckets, versioning should be enabled for the S3 buckets.

Enabling versioning for an S3 bucket allows you to track and manage changes made to objects stored in the bucket over time. This helps you to maintain a version history of objects, as well as restore previous versions of objects if needed.

Option A is not a recommended best practice for implementing Infrastructure as Code because AWS CLI commands are executed manually and are not version controlled. This can make it difficult to track changes made to the infrastructure over time, which is a requirement for regulatory compliance.

Option C is not directly related to implementing Infrastructure as Code, but it is a good practice for securing network traffic between VPCs.

Option E is related to automating health checks using AWS Systems Manager "Run Command", but it does not address the issue of tracking and documenting changes made to AWS resources, which is a requirement for regulatory compliance. Saving the document in a Git repository is a good practice, but it is not sufficient by itself to comply with regulatory requirements.