Which combination of actions should the DevOps engineer take to fulfill this request?
(Choose two.)
Insert a manual approval action between the test actions and deployment actions of the pipeline.
Modify the buildspec.yml file for the compilation stage to require manual approval before completion.
Update the CodeDeploy deployment groups so that they require manual approval to proceed.
Update the pipeline to directly call the REST API for the penetration testing tool.
Update the pipeline to invoke an AWS Lambda function that calls the REST API for the penetration testing tool.
Explanations:
Inserting a manual approval action in the pipeline allows the QA team to review the build artifact and run their penetration testing tool before proceeding with the deployment to production. This aligns with their request for inspection before deployment.
Modifying the buildspec.yml file to require manual approval would not effectively pause the pipeline at the right time for QA inspection. The buildspec.yml is primarily for build instructions and does not support pipeline approvals directly.
Updating CodeDeploy deployment groups to require manual approval would not address the QA team’s request effectively, as it would delay the deployment process rather than allowing them to inspect the build artifact beforehand. It does not provide an avenue for the QA team to run their tests on the artifact itself.
Directly calling the REST API for the penetration testing tool within the pipeline would not allow the QA team to inspect the artifact beforehand. The QA team needs to approve and conduct tests before any deployment, making this option unsuitable.
Invoking an AWS Lambda function that calls the REST API for the penetration testing tool provides a controlled way to run the tests after the build artifact is ready but before the production deployment. This allows for the necessary inspection and testing without blocking the entire pipeline for manual approval.