A development team uses AWS CDK to define their infrastructure. They need to deploy the infrastructure across three different AWS accounts (Dev, Test, Prod) from a central CI/CD account. How should they configure the permissions for this cross-account deployment?

Answer options:

A.

Create IAM users in each target account and store their access keys in the central account's Secrets Manager.

B.

Bootstrap the target accounts trusting the central account, and use CDK pipelines to assume the deployment roles in the target accounts.

C.

Use AWS Resource Access Manager (RAM) to share the CDK stacks with the target accounts.

D.

Deploy the CDK stacks manually in each account using the AWS Management Console.

How to approach this question

Understand the AWS CDK bootstrapping process for cross-account deployments.

Full Answer

B.Bootstrap the target accounts trusting the central account, and use CDK pipelines to assume the deployment roles in the target accounts.✓ Correct

CDK bootstrapping provisions resources in a target environment (account/region) that the CDK needs to perform deployments, including IAM roles that a central CI/CD account can assume.

Common mistakes

Choosing access keys, which is highly insecure compared to assuming roles.

Question 20 All questions Question 22

Practice the full AWS Solutions Architect Professional SAP-C02 Practice Exam 1

75 questions · hints · full answers · grading

Sign up free Take the exam

More questions from this exam

Q01An enterprise has 50 VPCs across two AWS Regions. They need to establish transitive routing betwe...Hard Q02A company uses AWS Organizations. The security team wants to ensure that no IAM user or role can ...Medium Q03An application requires a relational database with an RPO of 1 second and an RTO of less than 1 m...Hard Q04A company is setting up a new multi-account environment. They want to automate the provisioning o...Medium Q05An organization wants to allocate AWS costs to specific business units. They use AWS Organization...Hard

View all 75 questions →