DOP-C02 Domain 1: SDLC Automation

A hybrid workload will use AWS CodeDeploy on on-premises servers. What is the MOST secure way to register targets and deploy with tag-based deployment groups?

Multiple choice — select one answer

Answer choices

  1. a. IAM role with STS AssumeRole; refresh credentials on a schedule; install the CodeDeploy agent; register on-premises instances; tag-based deployment group.
  2. b. IAM user access keys in a local credentials file; register instance IDs with the deployment group. (not recommended for production workloads)
  3. c. CloudFormation Guard or cfn-nag in CodeBuild
  4. d. AWS CodePipeline with manual approval actions

Architectural breakdown & explanation

Temporary credentials from AssumeRole avoid long-lived keys; CodeDeploy deployment groups target tags.

Correct answer(s): a. IAM role with STS AssumeRole; refresh credentials on a schedule; install the CodeDeploy agent; register on-premises instances; tag-based deployment group.

Exam domain: Domain 1: SDLC Automation (22% weight on the official guide).

Official documentation & study links

Practice this certification

This page is one question from the AWS Certified DevOps Engineer – Professional bank. Run a full timed practice exam with domain-weighted random questions in your browser.