AWS Certified Solutions Architect Professional SAP-C02 Practice Question
A financial services company manages its AWS infrastructure using AWS CloudFormation and a mature CI/CD pipeline built with AWS CodePipeline. A new regulatory requirement mandates a significant infrastructure update that involves modifying critical Amazon RDS database instance properties and associated security groups. The Chief Technology Officer has stipulated that all infrastructure changes must be explicitly reviewed and approved by a senior architect before deployment to production. The process must be auditable, repeatable, and have a mechanism to preview the exact impact of the changes to prevent accidental resource replacement.
Which change management process should a Solutions Architect integrate into the existing CodePipeline to meet these requirements most effectively?
Implement a CloudFormation stack policy that denies all updates to the RDS instance, and configure the pipeline to require a senior architect to manually remove the policy before the deployment stage.
Use AWS Config to monitor for any changes to the RDS instance and security groups, and if a non-compliant change is detected, trigger an AWS Lambda function to roll back the CloudFormation stack.
Modify the pipeline to pause before the deployment stage, requiring an architect to manually generate a change set from their local machine and then approve the pipeline to continue.
Configure the pipeline to create a CloudFormation change set, add a manual approval action that notifies a designated architect, and upon approval, execute the change set.