AWS Certified Developer – Associate / Question #857 of 557

Question #857

A developer must obtain approval from a security team before deploying code changes to production using AWS CodePipeline. The developer uses an Amazon Simple Notification Service (Amazon SNS) topic to notify the security team. What is the MOST operationally efficient way to implement this approval process within the pipeline?

A

Add a new stage to CodePipeline before the production deployment stage. Include a manual approval action in the new stage. Configure a notification rule in the pipeline settings to trigger the SNS topic using its ARN when manual approval is required.

B

Develop an AWS Lambda function that sends a notification via the SNS topic and waits for approval. Add a new stage to CodePipeline before production deployment and integrate the Lambda function as a custom action.

C

Add a manual approval action to the existing staging stage in CodePipeline. Specify the SNS topic's ARN during the approval action configuration to notify the security team.

D

Modify the CodePipeline settings to create a new notification rule targeting the SNS topic. Set the rule to trigger on manual approval events without adding a new stage to the pipeline.

Explanation

Option A is correct because it leverages AWS CodePipeline's built-in manual approval action and notification rules. With a new stage before production that contains a manual approval action, the pipeline pauses until approval is given. Configuring a notification rule linked to the SNS topic ARN ensures automatic alerts to the security team when approval is needed, avoiding custom code or complex setups.

Option B is incorrect because using a Lambda function adds unnecessary complexity when native integration via approval actions and notifications suffices. Option C is suboptimal because it modifies an existing stage (e.g., staging) rather than adding a dedicated approval stage before production; the dedicated stage aligns better with the requirement. Option D is invalid because notification rules cannot trigger without a manual approval action in the pipeline, which requires adding a stage.

Answer

The correct answer is: A