Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location
Mob_nav_barsMENU

Amazon Exam DOP-C02 Topic 2 Question 45 Discussion

Actual exam question for Amazon's DOP-C02 exam
Question #: 45
Topic #: 2
[All DOP-C02 Questions]

A company wants to deploy a workload on several hundred Amazon EC2 instances. The company will provision the EC2 instances in an Auto Scaling group by using a launch template.

The workload will pull files from an Amazon S3 bucket, process the data, and put the results into a different S3 bucket. The EC2 instances must have least-privilege permissions and must use temporary security credentials.

Which combination of steps will meet these requirements? (Select TWO.)

Show Suggested Answer Hide Answer
Suggested Answer: B

* Modify the Build Stage to Add a Test Action with a RunOrder Value of 2:

The build stage in AWS CodePipeline can have multiple actions. By adding a test action with a runOrder value of 2, the test action will execute after the initial build action completes.

* Use AWS CodeBuild as the Action Provider to Run Unit Tests:

AWS CodeBuild is a fully managed build service that compiles source code, runs tests, and produces software packages.

Using CodeBuild to run unit tests ensures that the tests are executed in a controlled environment and that only the code changes that pass the unit tests proceed to the deploy stage.

Example configuration in CodePipeline:

{

'name': 'BuildStage',

'actions': [

{

'name': 'Build',

'actionTypeId': {

'category': 'Build',

'owner': 'AWS',

'provider': 'CodeBuild',

'version': '1'

},

'runOrder': 1

},

{

'name': 'Test',

'actionTypeId': {

'category': 'Test',

'owner': 'AWS',

'provider': 'CodeBuild',

'version': '1'

},

'runOrder': 2

}

]

}

By integrating the unit tests into the build stage and ensuring they run after the build process, the pipeline guarantees that only code changes passing all unit tests are deployed.


AWS CodePipeline

AWS CodeBuild

Using CodeBuild with CodePipeline

by Anthony at Mar 04, 2025, 10:57 AM

Limited Time Offer

25%

Off

Get Premium DOP-C02 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel
Marlon
5 days ago
A and B are definitely the right steps!
upvoted 0 times
...
Eleni
11 days ago
I vaguely remember something about trust anchors, but I don't think option D is necessary here. It seems more complicated than what we need for just accessing S3.
upvoted 0 times
...
Iesha
16 days ago
This question reminds me of a practice scenario we did where we had to set up permissions for S3 access. I think option C is not the way to go since we should avoid using IAM users for this.
upvoted 0 times
...
Nida
22 days ago
I'm a bit unsure about the second step. I feel like updating the launch template is important, but I can't recall if it specifically needs the instance profile mentioned in option B.
upvoted 0 times
...
Blondell
28 days ago
I remember we discussed IAM roles in class, and I think option A is definitely the right choice for granting permissions to the EC2 instances.
upvoted 0 times
...
Raymon
28 days ago
I'm feeling pretty confident about this one. The combination of creating an IAM role with the right permissions and updating the launch template to use that instance profile seems like the best way to meet the requirements.
upvoted 0 times
...
Erasmo
28 days ago
The question is a bit tricky, but I think the key is to use the IAM role and instance profile approach. That way, we can ensure least-privilege permissions and avoid having to manage individual credentials on the instances.
upvoted 0 times
...
Loreta
28 days ago
Okay, I think I've got it. We need to create an IAM role with the right permissions for the S3 buckets, and then update the launch template to include that IAM instance profile. That way, the EC2 instances will have the necessary access without needing to manage individual credentials.
upvoted 0 times
...
Ressie
28 days ago
Hmm, I'm a bit confused about the temporary security credentials part. Do we need to generate a secret key and token, or can we just use the IAM role?
upvoted 0 times
...
Renea
1 months ago
This looks like a straightforward IAM and EC2 setup question. I think the key is to use an IAM role with the appropriate permissions and attach it to the EC2 instances.
upvoted 0 times
...
Justine
6 months ago
I'll take 'Ways to get your company hacked' for 500, Alex. Seriously, who thought options C and E were a good idea? That's like leaving the front door open and the keys in the ignition.
upvoted 0 times
...
Lucina
6 months ago
Ah, the old 'let's create an IAM user and hardcode the credentials' trick. Classic move, but definitely not the right way to go here. Kudos to Rashad for catching that one!
upvoted 0 times
Elena
5 months ago
A: Update the launch template. Modify the user data to use the new secret key and token.
upvoted 0 times
...
Oretha
5 months ago
B: Update the launch template to include the IAM instance profile.
upvoted 0 times
...
Aileen
6 months ago
A: Create an IAM role that has the appropriate permissions for S3 buckets. Add the IAM role to an instance profile.
upvoted 0 times
...
...
Rashad
6 months ago
I was about to choose options C and E, but then I realized that's a terrible idea. Hardcoding secret keys and tokens in the launch template is a huge security risk. Nope, nope, nope!
upvoted 0 times
Annmarie
5 months ago
A: Let's go with options A and B then. It's important to prioritize security when dealing with sensitive data.
upvoted 0 times
...
Lennie
5 months ago
B: Yeah, I agree. Option B also mentions updating the launch template with the IAM instance profile.
upvoted 0 times
...
Glennis
5 months ago
A: Option A seems like the right choice. It mentions using an IAM role and instance profile for permissions.
upvoted 0 times
...
...
Nakisha
6 months ago
I agree with Lasandra. The IAM role and instance profile approach is the recommended way to handle this scenario. Temporary security credentials are the way to go.
upvoted 0 times
...
Lasandra
7 months ago
Options A and B seem like the right choice here. Using an IAM role with the appropriate permissions and attaching it to the instance profile is the best way to manage the security credentials.
upvoted 0 times
Jules
6 months ago
B) Update the launch template to include the IAM instance profile.
upvoted 0 times
...
Gearldine
6 months ago
A) Create an IAM role that has the appropriate permissions for S3 buckets. Add the IAM role to an instance profile.
upvoted 0 times
...
...
Roy
7 months ago
Updating the launch template to include the IAM instance profile is also important.
upvoted 0 times
...
Oliva
7 months ago
Yes, and we should add that IAM role to the instance profile.
upvoted 0 times
...
Reuben
7 months ago
I think we need to create an IAM role for S3 permissions.
upvoted 0 times
...

Save Cancel