ExamQuestions.com

AWS Certified DevOps Engineer Professional Exam Questions

Question 9:

A team is developing an application and the code is managed in a repository in AWS CodeCommit. The developers push code in their own branches. When the code is ready for release, only a senior team member is allowed to merge the other branches into master. The merging event then triggers a pipeline for the deployment in production. You need to make sure that the team members are allowed to push or merge code to all the branches except the master branch. Which of the following options describes the correct method?

Answer options:

A. Create an IAM group that includes the team members and attach the below policy:
{
  "Effect": "Allow",
  "Action": [
    "codecommit:GitPush",
    "codecommit:Merge*"
  ],
  "Resource": [ "arn:aws:codecommit:*:*:the-repo-name" ],
  "Condition": {
    "StringNotEquals": {
      "codecommit:References": [ "refs/heads/master" ]
    }
  }
}
B. In the AWS CodeCommit management console, configure the team members as viewers in the master branch and editors in the dev branch.
C. Add the team members in an IAM group and attach the IAM policy in the group:
{
  "Effect": "Deny",
  "Action": [
    "codecommit:GitPush",
    "codecommit:Merge*"
  ],
  "NotResource": [ "arn:aws:codecommit:*:*:the-repo-name" ]
}
D. Create an IAM group to include the team members and attach a CodeCommit resource policy for the master branch of the repository:
{
  "Effect": "Deny",
  "Action": [
    "codecommit:GitPush",
    "codecommit:Merge*"
  ],
  "Principal": [ "arn:aws:iam::xxxxxxxxxxxx:group/Development" ],
  "Resource": [ "*" ]
}