A company requires that all infrastructure deployments are scanned for security vulnerabilities and compliance violations before being provisioned in AWS. They use AWS CloudFormation. How can this be automated in their CI/CD pipeline?

Answer options:

Use AWS Config rules to evaluate the resources after deployment.

Integrate AWS CloudFormation Guard in the pipeline to evaluate templates against policy rules before deployment.

Use Amazon Inspector to scan the CloudFormation templates.

Use AWS Trusted Advisor to block non-compliant deployments.

How to approach this question

Look for the tool designed specifically for pre-deployment CloudFormation scanning.

B.Integrate AWS CloudFormation Guard in the pipeline to evaluate templates against policy rules before deployment.✓ Correct

AWS CloudFormation Guard is a policy-as-code evaluation tool that checks CloudFormation templates for compliance prior to deployment.

Choosing AWS Config, which evaluates resources after they are provisioned.

75 questions · hints · full answers · grading