What can the systems operations team do to ensure company policy is followed while also meeting the development team’s requests?
Create an AWS CloudFormation on template with the requested resources, and give it to the development team to adjust as needed.
Provision the resources using the CLI, and create the necessary IAM permissions to allow the development team to modify them as needed.
Create the AWS Service Catalog product and share with the development team through the Service Catalog.
Grant the development team access to the AWS CloudFormation Design Template Editor to specify the needed resources and configurations. Once the templates are complete, the system operations team will launch the resources.
Explanations:
While providing a CloudFormation template for the development team to adjust may seem beneficial, it allows the development team to make unrestricted changes that could violate the company’s policy on resource configuration management. The policy restricts such configurations to the systems operations team.
Provisioning resources using the CLI and granting IAM permissions would give the development team more control than allowed by company policy. This could lead to configurations that are not managed or approved by the systems operations team, thus violating the policy.
Creating an AWS Service Catalog product allows the systems operations team to define and manage reusable resources while giving the development team the ability to deploy them on demand. This approach adheres to company policy by maintaining control over resource configurations while enabling the development team to streamline their workflows.
Granting access to the AWS CloudFormation Design Template Editor would allow the development team to create and modify CloudFormation templates, which is contrary to the policy that restricts resource configuration management to the systems operations team. This could result in unauthorized changes to resource configurations.