A security architect is designing a CI/CD pipeline for a cloud environment that uses Terraform for Infrastructure as Code (IaC). A key requirement is to maintain stability in the production environment while allowing developers to test new changes in separate development and staging environments. Which of the following git and module management strategies BEST supports this requirement?
Import the latest revision from the main branch whenever code is built.
Clone the repository locally and allow merges on a rolling basis for all updates.
Reference stable releases so that tested versions are used until new ones are validated.
Keep a single locked file for modules across each environment to ensure uniformity.
Infrastructure as Code (IaC) tools like Terraform rely on proper versioning to ensure environment stability. The best practice is to pin module versions to stable, tagged releases (e.g., version = "1.2.0") for production environments. This prevents untested or breaking changes from being deployed accidentally.
Pulling from the main branch is risky, as it represents ongoing development.
Using a single lock file across different environments (e.g., dev, prod) can force untested provider versions into production. Each environment state should manage its own dependencies.
An uncontrolled local merging process bypasses essential code review and testing, leading to instability.
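As an added illustration of the pinning practice described above (not part of the original question or any project's code), the following check could run in a CI stage to flag module blocks that are not pinned to a stable release. The module names, URLs, and versions are constructed, and the `vX.Y.Z` tag convention for git refs is an assumption.

```python
import re

# Constructed sample configuration (names, URLs and versions are placeholders).
SAMPLE_TF = '''
module "network" {
  source  = "example-org/vpc/aws"
  version = "1.2.0"
}
module "database" {
  source  = "example-org/rds/aws"
  version = ">= 1.0"
}
module "queue" {
  source = "example-org/sqs/aws"
}
module "app" {
  source = "git::https://example.com/infra/app.git?ref=main"
}
module "cache" {
  source = "git::https://example.com/infra/cache.git?ref=v2.3.1"
}
'''

# Top-level module blocks; assumes the closing brace sits alone in column 0.
MODULE_RE = re.compile(r'module\s+"([^"]+)"\s*\{(.*?)\n\}', re.S)
ATTR_RE = re.compile(r'^\s*(source|version)\s*=\s*"([^"]*)"', re.M)
EXACT_RE = re.compile(r'^=?\s*\d+\.\d+\.\d+$')            # "1.2.0" or "= 1.2.0"
TAG_REF_RE = re.compile(r'[?&]ref=v?\d+\.\d+\.\d+$')      # assumed tag convention


def audit_modules(tf_text):
    """Return {module_name: reason} for modules not pinned to a release."""
    findings = {}
    for name, body in MODULE_RE.findall(tf_text):
        attrs = dict(ATTR_RE.findall(body))
        source = attrs.get("source", "")
        version = attrs.get("version")
        if source.startswith(("./", "../")):
            continue  # local module, versioned together with the repository
        if source.startswith("git::") or "?ref=" in source:
            if not TAG_REF_RE.search(source):
                findings[name] = "git source not pinned to a release tag"
        elif version is None:
            findings[name] = "no version constraint"
        elif not EXACT_RE.match(version):
            findings[name] = "version is a range, not an exact release"
    return findings


if __name__ == "__main__":
    print(audit_modules(SAMPLE_TF))
```

A pipeline could fail the production plan stage whenever this returns a non-empty result, while leaving development and staging free to track newer versions.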