This is a dedicated watch page for a single video.
The development team at a company deploys to their AWS production environment through a continuous integration/continuous deployment (CI/CD) pipeline. The pipeline itself has broad access to create AWS resources needed to run the application. The company's security team wants to allow the development team to deploy their own IAM principals and policies for their application. However, the security team also needs a control mechanism that requires all resources created by the pipeline to have minimum privileges that comply with the security guidelines. All teams at the company are only allowed to modify the AWS production environment through their CI/CD pipeline. Which options will you combine to address this use case? (Select two)