A security architect is designing a CI/CD pipeline for a cloud environment that uses Terraform for Infrastructure as Code (IaC). A key requirement is to maintain stability in the production environment while allowing developers to test new changes in separate development and staging environments. Which of the following git and module management strategies BEST supports this requirement?
Reference stable releases so that tested versions are used until new ones are validated.
Import the latest revision from the main branch whenever code is built.
Keep a single locked file for modules across each environment to ensure uniformity.
Clone the repository locally and allow merges on a rolling basis for all updates.
Infrastructure as Code (IaC) tools like Terraform rely on proper versioning to ensure environment stability. The best practice is to pin module versions to stable, tagged releases (e.g., version = "1.2.0") for production environments. This prevents untested or breaking changes from being deployed accidentally.
Pulling from the main branch is risky, as it represents ongoing development.
Using a single lock file across different environments (e.g., dev, prod) can force untested provider versions into production. Each environment state should manage its own dependencies.
An uncontrolled local merging process bypasses essential code review and testing, leading to instability.