SAP-C02 Study Assistant

SAP-C02 Question 508

S3 EC2 Auto Scaling

Question

A company has an application that uses Amazon EC2 instances in an Auto Scaling group. The quality assurance (QA) department needs to launch a large number of short-lived environments to test the application. The application environments are currently launched by the manager of the department using an AWS CloudFormation template. To launch the stack, the manager uses a role with permission to use CloudFormation, EC2, and Auto Scaling APIs. The manager wants to allow testers to launch their own environments, but does not want to grant broad permissions to each user. Which setup would achieve these goals?

Options

A. Upload the AWS CloudFormation template to Amazon S3. Give users in the QA department permission to assume the manager’s role and add a policy that restricts the permissions to the template and the resources it creates. Train users to launch the template from the CloudFormation console.

B. Create an AWS Service Catalog product from the environment template. Add a launch constraint to the product with the existing role. Give users in the QA department permission to use AWS Service Catalog APIs only. Train users to launch the template from the AWS Service Catalog console.

C. Upload the AWS CloudFormation template to Amazon S3. Give users in the QA department permission to use CloudFormation and S3 APIs, with conditions that restrict the permissions to the template and the resources it creates. Train users to launch the template from the CloudFormation console.

D. Create an AWS Elastic Beanstalk application from the environment template. Give users in the QA department permission to use Elastic Beanstalk permissions only. Train users to launch Elastic Beanstalk environments with the Elastic Beanstalk CLI, passing the existing role to the environment as a service role.

Answer

B

Explanation

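Correct answer: B

Explanation: B is the answer to choose for this question.

Correct option: B. Create an AWS Service Catalog product from the environment template. Add a launch constraint to the product with the existing role. Give users in the QA department permission to use AWS Service Catalog APIs only. Train users to launch the template from the AWS Service Catalog console.

Rationale: This option most directly satisfies the key constraints in the question. When working through SAP-C02 questions, you need to check each option against the qualifiers in the question stem, such as highest performance, lowest operational overhead...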
