Managing Permissions for Manual Approval in AWS CodePipeline

Resolve IAM User Permissions Issue for Manual Approval in AWS CodePipeline


Question

Your team starts to build a CI/CD pipeline in AWS CodePipeline.

Before the application is deployed in production, you have added an approval action in a stage to stop the CodePipeline pipeline.

Your project manager needs to manually approve the action for the pipeline to proceed.

However, the project manager informs you that he does not have enough permissions to approve it with his IAM user.

How would you resolve this problem?

Answers

Explanations


Correct Answer - D.

Option A is incorrect because in the CodePipeline manual approval stage, you cannot configure an approver.

The IAM user should be configured with proper permissions in order to approve the manual action.

Option B is incorrect because the AWSCodePipelineFullAccess policy allows all the actions related to CodePipeline.

However, the IAM user only needs to have the permission to approve the manual stage.

Option C is incorrect because the project manager needs to use his IAM user to approve the manual action.

SNS notification and subscription cannot resolve the permission issue.

Option D is CORRECT because with the AWSCodePipelineApproverAccess IAM policy, the IAM user is granted permissions to approve the manual action.
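As an added example (not code from the exam page or from AWS), the following builds a customer-managed policy that is even narrower than AWSCodePipelineApproverAccess: it allows PutApprovalResult only on one approval action of one pipeline instead of on every pipeline in the account, and it includes a simplified check of what the policy allows. The region, account ID, pipeline, stage and action names are constructed placeholders.

```python
# Added example: least-privilege approver policy for one manual approval action.
import fnmatch
import json

# Constructed sample identifiers (placeholders, not real resources).
REGION, ACCOUNT = "us-east-1", "111122223333"
PIPELINE_ARN = f"arn:aws:codepipeline:{REGION}:{ACCOUNT}:prod-pipeline"
# Manual approval actions are addressed as <pipeline-arn>/<stage>/<action>.
APPROVAL_ARN = f"{PIPELINE_ARN}/Approve/ProdApproval"


def approver_policy(pipeline_arn: str, approval_arn: str) -> dict:
    """Read-only access to one pipeline plus PutApprovalResult on one action."""
    return {
        "Version": "2012-10-17",
        "Statement": [
            {"Effect": "Allow", "Action": "codepipeline:ListPipelines", "Resource": "*"},
            {"Effect": "Allow",
             "Action": ["codepipeline:GetPipeline", "codepipeline:GetPipelineState",
                        "codepipeline:GetPipelineExecution"],
             "Resource": pipeline_arn},
            {"Effect": "Allow", "Action": "codepipeline:PutApprovalResult",
             "Resource": approval_arn},
        ],
    }


def is_allowed(policy: dict, action: str, resource: str) -> bool:
    """Simplified identity-policy evaluation: an explicit Deny wins, otherwise
    any matching Allow grants. '*' in Action/Resource is an IAM-style wildcard;
    conditions and case-insensitive action matching are not modelled."""
    def matches(pattern, value):
        pats = pattern if isinstance(pattern, list) else [pattern]
        return any(fnmatch.fnmatchcase(value, p) for p in pats)

    decision = False
    for stmt in policy["Statement"]:
        if matches(stmt["Action"], action) and matches(stmt["Resource"], resource):
            if stmt["Effect"] == "Deny":
                return False
            decision = True
    return decision


if __name__ == "__main__":
    # Print the policy document ready for `aws iam create-policy --policy-document`.
    print(json.dumps(approver_policy(PIPELINE_ARN, APPROVAL_ARN), indent=2))
```

With this policy the manager can approve the production gate but cannot approve other stages or modify the pipeline, which is the least-privilege alternative when AWSCodePipelineApproverAccess (which applies to all pipelines) is still broader than needed.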

Reference:

https://docs.aws.amazon.com/codepipeline/latest/userguide/approvals-action-add.html

https://docs.aws.amazon.com/codepipeline/latest/userguide/approvals-iam-permissions.html

https://docs.aws.amazon.com/codepipeline/latest/userguide/approvals-approve-or-reject.html

The scenario described in the question is about a CodePipeline pipeline that includes a manual approval action before deploying to production. The project manager is unable to approve the action due to insufficient IAM permissions. To resolve this issue, there are a few options:

A. Add the project manager's IAM user as an approver in the CodePipeline manual approval stage and rerun the pipeline.

This option is correct, as it adds the project manager's IAM user as an approver for the manual approval stage in CodePipeline. The project manager can then approve the action, and the pipeline can proceed. To do this, the following steps should be followed:

  1. Open the CodePipeline console.
  2. Select the pipeline that needs to be modified.
  3. Choose the Edit button on the right-hand side of the pipeline details page.
  4. Select the manual approval stage and click Edit.
  5. In the Approvals section, add the project manager's IAM user as an approver.
  6. Save the changes and rerun the pipeline.

B. In the AWS IAM console, attach the AWS managed IAM policy AWSCodePipelineFullAccess to the project manager's IAM user.

This option is not the best solution to the problem described in the question. The AWSCodePipelineFullAccess policy grants full access to CodePipeline resources, including the ability to create, modify, and delete pipelines. The project manager may not need these permissions, and granting full access may be too permissive for their needs. It is better to limit IAM user permissions to only what is required to perform their job.

C. Configure an SNS topic in the manual approval stage and subscribe the project manager's work email to the SNS topic so that he can approve the action.

This option is also valid, as it allows the project manager to approve the action by subscribing to an SNS topic that receives notifications from the manual approval stage. However, it requires extra setup and may not be the most straightforward solution.

D. Attach the AWSCodePipelineApproverAccess managed policy to the project manager's IAM user.

This option is not the correct solution to the problem described in the question. The AWSCodePipelineApproverAccess policy grants the user permission to approve or reject actions in CodePipeline, but it does not address the project manager's IAM permission issue. Additionally, the policy may be too permissive for the project manager's needs, as it grants access to all actions in CodePipeline.

In conclusion, the best solution to the problem described in the question is to add the project manager's IAM user as an approver in the CodePipeline manual approval stage and rerun the pipeline. This option provides the necessary permission to the project manager while limiting access to only the actions required to perform their job.