Exam AWS DevOps Engineer Professional topic 1 question 150 discussion

Exam question from Amazon's AWS DevOps Engineer Professional
Question #: 150
Topic #: 1

A company uses AWS CodeCommit for source code control. Developers apply their changes to various feature branches and create pull requests to move those changes to the main branch when the changes are ready for production.

The developers should not be able to push changes directly to the main branch. The company applied the AWSCodeCommitPowerUser managed policy to the developers' IAM role, and now these developers can push changes to the main branch directly on every repository in the AWS account.

What should the company do to restrict the developers' ability to push changes to the main branch directly?

  • A. Create an additional policy to include a Deny rule for the GitPush and PutFile actions. Include a restriction for the specific repositories in the policy statement with a condition that references the main branch.
  • B. Remove the IAM policy, and add an AWSCodeCommitReadOnly managed policy. Add an Allow rule for the GitPush and PutFile actions for the specific repositories in the policy statement with a condition that references the main branch.
  • C. Modify the IAM policy. Include a Deny rule for the GitPush and PutFile actions for the specific repositories in the policy statement with a condition that references the main branch.
  • D. Create an additional policy to include an Allow rule for the GitPush and PutFile actions. Include a restriction for the specific repositories in the policy statement with a condition that references the feature branches.
Suggested Answer: A

Comments

joseribas89
Highly Voted 2 years, 2 months ago
Selected Answer: A
By default, the AWSCodeCommitPowerUser managed policy allows users to push changes to any branch in any repository in the AWS account. To restrict the developers' ability to push changes to the main branch directly, an additional policy is needed that explicitly denies these actions for the main branch. The Deny rule should be included in a policy statement that targets the specific repositories and includes a condition that references the main branch. The policy statement should look something like this:

    {
      "Effect": "Deny",
      "Action": [
        "codecommit:GitPush",
        "codecommit:PutFile"
      ],
      "Resource": "arn:aws:codecommit:<region>:<account-id>:<repository-name>",
      "Condition": {
        "StringEqualsIfExists": {
          "codecommit:References": [ "refs/heads/main" ]
        }
      }
    }
upvoted 6 times
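
An added example (not part of the comment above and not AWS code): the comment's Deny statement wrapped as a complete policy, with a simplified model of how its condition evaluates. It adds the `Null` condition that the AWS guide linked in this thread (how-to-conditional-branch) pairs with `StringEqualsIfExists`; the evaluator, the request contexts and the `feature/login` branch name are constructed for illustration.

```python
import json

REFS_KEY = "codecommit:References"

def deny_statement(null_guard=True):
    """Deny statement from the comment; null_guard adds the Null condition."""
    condition = {"StringEqualsIfExists": {REFS_KEY: ["refs/heads/main"]}}
    if null_guard:
        condition["Null"] = {REFS_KEY: "false"}  # key must be present
    return {
        "Effect": "Deny",
        "Action": ["codecommit:GitPush", "codecommit:PutFile"],
        "Resource": "arn:aws:codecommit:<region>:<account-id>:<repository-name>",
        "Condition": condition,
    }

def condition_matches(condition, context):
    """Simplified model of IAM: every operator must match (logical AND)."""
    for operator, keys in condition.items():
        for key, expected in keys.items():
            present = key in context
            if operator == "StringEqualsIfExists":
                ok = not present or context[key] in expected
            elif operator == "Null":
                ok = present == (expected == "false")
            else:
                raise ValueError(f"operator not modelled: {operator}")
            if not ok:
                return False
    return True

def is_denied(statement, action, context):
    return action in statement["Action"] and condition_matches(
        statement["Condition"], context)

# Constructed request contexts (not captured traffic).
REQUESTS = {
    "handshake": {},  # initial GitPush call, no reference in the context
    "main": {REFS_KEY: "refs/heads/main"},
    "feature": {REFS_KEY: "refs/heads/feature/login"},
}

def evaluate(null_guard):
    stmt = deny_statement(null_guard)
    return {name: is_denied(stmt, "codecommit:GitPush", ctx)
            for name, ctx in REQUESTS.items()}

if __name__ == "__main__":
    print(json.dumps({"Version": "2012-10-17",
                      "Statement": [deny_statement()]}, indent=2))
    for guard in (False, True):
        print("Null guard:", guard, evaluate(guard))
```

Without the `Null` condition, the `IfExists` operator also matches the call that carries no reference, so in this model pushes to every branch are denied, not only pushes to main.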
...
Mark1000
Highly Voted 2 years, 2 months ago
The correct answer is A. Option C is ruled out at the outset, as it is a Managed Policy (managed by AWS) that cannot be changed.
upvoted 5 times
...
Piccaso
Most Recent 2 years, 2 months ago
Selected Answer: A
https://docs.aws.amazon.com/codecommit/latest/userguide/how-to-conditional-branch.html https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_manage-edit.html
upvoted 3 times
...
fiesty_questy
2 years, 2 months ago
Selected Answer: A
C is incorrect. You can't modify managed policy
upvoted 2 times
...
MHK2022
2 years, 2 months ago
Selected Answer: A
Add an additional policy
upvoted 2 times
...
Piccaso
2 years, 2 months ago
Selected Answer: C
https://docs.aws.amazon.com/codecommit/latest/userguide/how-to-conditional-branch.html
upvoted 1 times
...
Sabreen_Salama
2 years, 2 months ago
answer is A
upvoted 2 times
...
ospherenet
2 years, 3 months ago
A for me. It describes the correct approach to restrict the developers' ability to push changes directly to the main branch in AWS CodeCommit. The company can create an additional policy that includes a Deny rule for the GitPush and PutFile actions for the specific repositories and with a condition that references the main branch. This will restrict the developers from pushing changes directly to the main branch.
upvoted 2 times
...
kowalkowal
2 years, 3 months ago
Selected Answer: A
https://docs.aws.amazon.com/codecommit/latest/userguide/how-to-conditional-branch.html - Other developers can still pull from the branch, make their own branches, and create pull requests, but they cannot push or merge changes to that branch. You can configure this access by creating a conditional policy that uses a context key for one or more branches in IAM. https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_manage-edit.html - AWS managed policies cannot be edited
upvoted 2 times
...
Bulti
2 years, 3 months ago
A is the right answer. We need to add a new policy that denies action to push to the repository's main branch. C is incorrect because you cannot modify a managed IAM policy.
upvoted 2 times
...
saeidp
2 years, 3 months ago
Selected Answer: A
A for me. Managed policy cannot be modified
upvoted 3 times
Dimidrol
2 years, 3 months ago
You are right. A is answer.
upvoted 2 times
...
...
Dimidrol
2 years, 3 months ago
https://docs.aws.amazon.com/codecommit/latest/userguide/how-to-conditional-branch.html
upvoted 2 times
...
Dimidrol
2 years, 3 months ago
Selected Answer: C
C for me
upvoted 3 times
USalo
2 years, 3 months ago
You cannot modify MANAGED AWS policy. You can only add additional one that forbids. So "A" is correct.
upvoted 3 times
...
Dimidrol
2 years, 3 months ago
https://docs.aws.amazon.com/codecommit/latest/userguide/how-to-conditional-branch.html
upvoted 2 times
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted