New Year Sale 2026! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Amazon DOP-C02 Exam - Topic 1 Question 8 Discussion

Actual exam question for Amazon's DOP-C02 exam
Question #: 8
Topic #: 1
[All DOP-C02 Questions]

A global company manages multiple AWS accounts by using AWS Control Tower. The company hosts internal applications and public applications.

Each application team in the company has its own AWS account for application hosting. The accounts are consolidated in an organization in AWS Organizations. One of the AWS Control Tower member accounts serves as a centralized DevOps account with CI/CD pipelines that application teams use to deploy applications to their respective target AWS accounts. An 1AM role for deployment exists in the centralized DevOps account.

An application team is attempting to deploy its application to an Amazon Elastic Kubernetes Service (Amazon EKS) cluster in an application AWS account. An 1AM role for deployment exists in the application AWS account. The deployment is through an AWS CodeBuild project that is set up in the centralized DevOps account. The CodeBuild project uses an 1AM service role for CodeBuild. The deployment is failing with an Unauthorized error during attempts to connect to the cross-account EKS cluster from CodeBuild.

Which solution will resolve this error?

Show Suggested Answer Hide Answer
Suggested Answer: D

by Buddy at Jul 08, 2023, 07:15 PM

Limited Time Offer

25%

Off

Get Premium DOP-C02 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Fidelia
3 months ago
Trust relationships are key here, no doubt about it.
upvoted 0 times
...
Buddy
3 months ago
Wait, assume role with SAML? That’s new to me!
upvoted 0 times
...
Alpha
4 months ago
I’m not so sure about that, B could work too.
upvoted 0 times
...
Ilene
4 months ago
Definitely A! That’s the right way to set up permissions.
upvoted 0 times
...
Arminda
4 months ago
Sounds like a trust relationship issue with IAM roles.
upvoted 0 times
...
Eleonora
4 months ago
I recall that the aws-auth ConfigMap is important for mapping roles, but I can't remember if it should be done in the application account or the DevOps account. I hope I chose the right option!
upvoted 0 times
...
Sanda
4 months ago
I'm a bit confused about the sts:AssumeRole action. Does it apply to both accounts, or just one? I thought the centralized DevOps account should have the trust relationship.
upvoted 0 times
...
Dewitt
5 months ago
I think we had a similar practice question about cross-account access with EKS. I feel like option A makes sense since it mentions configuring the aws-auth ConfigMap, which is crucial for EKS permissions.
upvoted 0 times
...
Gerry
5 months ago
I remember we discussed trust relationships in IAM roles, but I'm not sure if it's the application account's role or the DevOps account's role that needs the trust relationship.
upvoted 0 times
...
Stephania
5 months ago
Hmm, this looks like a tricky one. I'll need to think through the relationship between FusionInsight, Oozie, and HDFS to figure out the right answer.
upvoted 0 times
...
Yoko
5 months ago
Hmm, this looks tricky. I'll need to review the Webex Teams API documentation to make sure I get the syntax right.
upvoted 0 times
...
Kattie
5 months ago
I'm feeling pretty confident about this. The key parameters are "to=el" for Greek translation, "toScript=Latn" for the Roman alphabet transliteration, and "textType=html" since the content is from a webpage.
upvoted 0 times
...
Pete
5 months ago
I think the key here is understanding the role of the medical staff committees and who they report to. Based on that, I'm pretty confident that the correct answer is Executive.
upvoted 0 times
...

Save Cancel