🔥 3-day streak
AWS Certified DevOps Engineer - Professional19 / 204
Question 19 of 204
A platform engineering team distributes infrastructure changes across 40 AWS accounts using CDK Pipelines that deploy CloudFormation stacks. Security requires that no stack deployment be allowed to create an S3 bucket without a bucket policy denying non-TLS access, and this must be enforced at deploy time BEFORE resources are provisioned — regardless of whether developers use the correct CDK constructs. The team wants a solution that is centrally managed, applies automatically to all stack operations in every account, and blocks the CloudFormation operation itself if the rule is violated. Which approach meets these requirements?
Reviewed for accuracy · Report an issueNext question