Amazon Web Services Updated SAP-C02 Exam Questions and Answers by luan

GitHub Webhooks to Trigger CodePipeline:

Configure GitHub webhooks to trigger the AWS CodePipeline pipeline. This ensures that every code push to the repository automatically triggers the pipeline, initiating the build and deployment process.

Unit Testing with Jenkins and AWS CodeBuild:

Use Jenkins integrated with the AWS CodeBuild plugin to perform unit testing. Jenkins will manage the build process, and the results will be handled by CodeBuild.

Notifications for Bad Builds:

Configure Amazon SNS (Simple Notification Service) to send alerts for any failed builds. This keeps the engineering team informed of build issues immediately, allowing for quick resolutions.

Blue/Green Deployment with AWS CodeDeploy:

Utilize AWS CodeDeploy with a blue/green deployment strategy. This method reduces downtime and risk by running two identical production environments (blue and green). CodeDeploy shifts traffic between these environments, allowing you to test in the new environment (green) while the old environment (blue) remains live. If issues arise, you can quickly roll back to the previous environment.

This solution provides seamless, zero-downtime deployments, and the ability to quickly roll back changes if necessary, fulfilling the requirements of the startup company.

References

AWS DevOps Blog on Integrating Jenkins with AWS CodeBuild and CodeDeploy【32】.

Plain English Guide to AWS CodePipeline with GitHub【33】.

Jenkins Plugin for AWS CodePipeline【34】.

Comprehensive and Detailed Explanation From Exact Extract:

D is correct because the requirement explicitly calls for (1) dedicated private connectivity, (2) automated and centrally managed operation, and (3) connectivity between on-premises data centers and multiple AWS Regions.

AWS Direct Connect provides dedicated private connectivity from on-premises environments to AWS. This is the key differentiator versus internet-based connectivity options when performance and consistency are required to meet strict SLAs.

AWS Cloud WAN provides centralized, policy-based management of a global network across Regions and on-premises attachments. Using Direct Connect attachments to Cloud WAN lets the company centrally define routing/segmentation policies and connect multiple data centers to multiple Regions in a consistent, automated way—well aligned to “automated and centrally managed” requirements for a multi-Region payment platform.

Why the other options are incorrect:

A (Global Accelerator) improves performance for internet-facing endpoints using Anycast and edge routing, but it does not provide private, dedicated connectivity between on-premises networks and AWS services. It is not the right tool for private HSM-to-AWS service connectivity.

B (Site-to-Site VPN + Transit Gateway) can be centrally routed with Transit Gateway, but VPN tunnels run over the public internet and are not “dedicated private connectivity.” They can be acceptable for many cases, but they do not best meet “dedicated private connectivity” and strict SLA expectations compared to Direct Connect.

C (CloudHSM) changes the architecture by moving tokenization into AWS-managed HSM infrastructure. The question states the company manages on-premises HSMs and needs private connectivity between those HSMs and AWS payment services, so replacing them with CloudHSM does not satisfy the stated connectivity requirement.

This solution allows developers to quickly launch resources using pre-approved configurations and instance types, while also ensuring that the resources launched comply with the company's architectural patterns. This can help reduce data transfer and compute costs associated with the resources. Using AWS Service Catalog also allows the company to control access to the approved configurations and resources through the use of IAM roles, while also allowing developers to quickly provision resources without negatively affecting their ability to perform their tasks.