Design for New Solutions I
Explore how to design secure, compliant, and repeatable deployment architectures across multiple AWS accounts. Learn to implement encryption for artifacts, enforce manual approvals for production changes, and use cross-account roles without long-term credentials. This lesson helps you apply best practices to build governed release pipelines for complex SaaS environments.
Question 21
A regulated software company is building a SaaS platform across separate tooling, development, staging, and production AWS accounts. Infrastructure and application releases must be repeatable, production changes must be reviewed before execution, artifacts must be encrypted, and deployments must not use long-term credentials. Which deployment architecture best satisfies these requirements?
A. Allow senior developers to run AWS CloudFormation deployments from secured laptops using IAM user access keys. Store packaged templates in each target account and rely on drift detection to remediate unauthorized changes automatically.
B. Run AWS CodePipeline in the tooling account, use AWS CodeBuild to package and validate AWS CloudFormation templates, store artifacts in an AWS KMS-encrypted Amazon S3 bucket whose key policy allows target deployment roles to decrypt the artifacts, call AssumeRole for tightly scoped cross-account roles, deploy shared baselines with service-managed StackSets to OUs, use nested stacks and cross-stack exports within each workload, and require manual approval before executing production change sets.
C. Create nested stacks from the tooling account for all organization-wide account baselines, execute AWS CloudFormation updates directly in production after tests pass, and rely on rollback if a custom resource Lambda function times out.
...