🔥 3-day streak
AWS Certified DevOps Engineer - Professional9 / 204
Question 9 of 204
A platform team maintains a large CDK application (TypeScript) composed of dozens of stacks authored by multiple product teams. Governance requires that every S3 bucket in every stack must have server-side encryption enabled and every resource must carry a 'CostCenter' tag. The team wants to enforce these rules automatically at synthesis time so that non-compliant stacks fail the build, without asking each product team to modify their construct code. Which approach best meets these requirements?
Reviewed for accuracy · Report an issueNext question