Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Amazon DOP-C02 Exam - Topic 2 Question 45 Discussion

A company wants to deploy a workload on several hundred Amazon EC2 instances. The company will provision the EC2 instances in an Auto Scaling group by using a launch template.The workload will pull files from an Amazon S3 bucket, process the data, and put the results into a different S3 bucket. The EC2 instances must have least-privilege permissions and must use temporary security credentials.Which combination of steps will meet these requirements? (Select TWO.)
B) Update the launch template to include the IAM instance profile.
A) Create an IAM role that has the appropriate permissions for S3 buckets. Add the IAM role to an instance profile.
C) Create an IAM user that has the appropriate permissions for Amazon S3. Generate a secret key and token.
D) Create a trust anchor and profile. Attach the IAM role to the profile.
E) Update the launch template. Modify the user data to use the new secret key and token.

Amazon DOP-C02 Exam - Topic 2 Question 45 Discussion

Actual exam question for Amazon's DOP-C02 exam
Question #: 45
Topic #: 2
[All DOP-C02 Questions]

A company wants to deploy a workload on several hundred Amazon EC2 instances. The company will provision the EC2 instances in an Auto Scaling group by using a launch template.

The workload will pull files from an Amazon S3 bucket, process the data, and put the results into a different S3 bucket. The EC2 instances must have least-privilege permissions and must use temporary security credentials.

Which combination of steps will meet these requirements? (Select TWO.)

Show Suggested Answer Hide Answer
Suggested Answer: B

* Modify the Build Stage to Add a Test Action with a RunOrder Value of 2:

The build stage in AWS CodePipeline can have multiple actions. By adding a test action with a runOrder value of 2, the test action will execute after the initial build action completes.

* Use AWS CodeBuild as the Action Provider to Run Unit Tests:

AWS CodeBuild is a fully managed build service that compiles source code, runs tests, and produces software packages.

Using CodeBuild to run unit tests ensures that the tests are executed in a controlled environment and that only the code changes that pass the unit tests proceed to the deploy stage.

Example configuration in CodePipeline:

{

'name': 'BuildStage',

'actions': [

{

'name': 'Build',

'actionTypeId': {

'category': 'Build',

'owner': 'AWS',

'provider': 'CodeBuild',

'version': '1'

},

'runOrder': 1

},

{

'name': 'Test',

'actionTypeId': {

'category': 'Test',

'owner': 'AWS',

'provider': 'CodeBuild',

'version': '1'

},

'runOrder': 2

}

]

}

By integrating the unit tests into the build stage and ensuring they run after the build process, the pipeline guarantees that only code changes passing all unit tests are deployed.


AWS CodePipeline

AWS CodeBuild

Using CodeBuild with CodePipeline

by Anthony at Mar 04, 2025, 10:57 AM

Limited Time Offer

25%

Off

Get Premium DOP-C02 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Christoper
6 months ago
E seems risky, using secret keys in user data isn't best practice.
upvoted 0 times
...
Denae
6 months ago
Totally agree, A and B are the way to go!
upvoted 0 times
...
Vicki
7 months ago
Surprised to see D mentioned, isn't that a bit overkill?
upvoted 0 times
...
Pete
7 months ago
I think C is a bad choice. IAM users aren't needed here.
upvoted 0 times
...
Marlon
7 months ago
A and B are definitely the right steps!
upvoted 0 times
...
Eleni
7 months ago
I vaguely remember something about trust anchors, but I don't think option D is necessary here. It seems more complicated than what we need for just accessing S3.
upvoted 0 times
...
Iesha
7 months ago
This question reminds me of a practice scenario we did where we had to set up permissions for S3 access. I think option C is not the way to go since we should avoid using IAM users for this.
upvoted 0 times
...
Nida
8 months ago
I'm a bit unsure about the second step. I feel like updating the launch template is important, but I can't recall if it specifically needs the instance profile mentioned in option B.
upvoted 0 times
...
Blondell
8 months ago
I remember we discussed IAM roles in class, and I think option A is definitely the right choice for granting permissions to the EC2 instances.
upvoted 0 times
...
Raymon
8 months ago
I'm feeling pretty confident about this one. The combination of creating an IAM role with the right permissions and updating the launch template to use that instance profile seems like the best way to meet the requirements.
upvoted 0 times
...
Erasmo
8 months ago
The question is a bit tricky, but I think the key is to use the IAM role and instance profile approach. That way, we can ensure least-privilege permissions and avoid having to manage individual credentials on the instances.
upvoted 0 times
...
Loreta
8 months ago
Okay, I think I've got it. We need to create an IAM role with the right permissions for the S3 buckets, and then update the launch template to include that IAM instance profile. That way, the EC2 instances will have the necessary access without needing to manage individual credentials.
upvoted 0 times
...
Ressie
8 months ago
Hmm, I'm a bit confused about the temporary security credentials part. Do we need to generate a secret key and token, or can we just use the IAM role?
upvoted 0 times
...
Renea
8 months ago
This looks like a straightforward IAM and EC2 setup question. I think the key is to use an IAM role with the appropriate permissions and attach it to the EC2 instances.
upvoted 0 times
...
Justine
1 year ago
I'll take 'Ways to get your company hacked' for 500, Alex. Seriously, who thought options C and E were a good idea? That's like leaving the front door open and the keys in the ignition.
upvoted 0 times
...
Lucina
1 year ago
Ah, the old 'let's create an IAM user and hardcode the credentials' trick. Classic move, but definitely not the right way to go here. Kudos to Rashad for catching that one!
upvoted 0 times
Elena
12 months ago
A: Update the launch template. Modify the user data to use the new secret key and token.
upvoted 0 times
...
Oretha
1 year ago
B: Update the launch template to include the IAM instance profile.
upvoted 0 times
...
Aileen
1 year ago
A: Create an IAM role that has the appropriate permissions for S3 buckets. Add the IAM role to an instance profile.
upvoted 0 times
...
...
Rashad
1 year ago
I was about to choose options C and E, but then I realized that's a terrible idea. Hardcoding secret keys and tokens in the launch template is a huge security risk. Nope, nope, nope!
upvoted 0 times
Annmarie
12 months ago
A: Let's go with options A and B then. It's important to prioritize security when dealing with sensitive data.
upvoted 0 times
...
Lennie
12 months ago
B: Yeah, I agree. Option B also mentions updating the launch template with the IAM instance profile.
upvoted 0 times
...
Glennis
1 year ago
A: Option A seems like the right choice. It mentions using an IAM role and instance profile for permissions.
upvoted 0 times
...
...
Nakisha
1 year ago
I agree with Lasandra. The IAM role and instance profile approach is the recommended way to handle this scenario. Temporary security credentials are the way to go.
upvoted 0 times
...
Lasandra
1 year ago
Options A and B seem like the right choice here. Using an IAM role with the appropriate permissions and attaching it to the instance profile is the best way to manage the security credentials.
upvoted 0 times
Jules
1 year ago
B) Update the launch template to include the IAM instance profile.
upvoted 0 times
...
Gearldine
1 year ago
A) Create an IAM role that has the appropriate permissions for S3 buckets. Add the IAM role to an instance profile.
upvoted 0 times
...
...
Roy
1 year ago
Updating the launch template to include the IAM instance profile is also important.
upvoted 0 times
...
Oliva
1 year ago
Yes, and we should add that IAM role to the instance profile.
upvoted 0 times
...
Reuben
1 year ago
I think we need to create an IAM role for S3 permissions.
upvoted 0 times
...

Save Cancel