Q8 — AWS DOP-C02 Ch.2

A company uses AWS Organizations to create a separate AWS account for each department. The company needs to automate the following tasks: regularly refresh patch updates on Linux AMIs and generate golden images; install new versions of the Chef agent in the golden images (as needed); and distribute newly generated golden images to departmental accounts.

Correct Answer: B. Use Amazon EC2 Image Builder to create an image pipeline containing a base Linux AMI and components to install the Chef agent. Share the EC2 Image Builder image with departmental accounts using AWS Resource Access Manager.

Explanation

AWS documentation emphasizes Amazon EC2 Image Builder for automating creation, maintenance, and validation of EC2 images, supporting scheduled updates and component management. AWS Resource Access Manager (RAM) enables cross-account resource sharing, simplifying permission management. Option B combines Image Builder’s pipeline capabilities for patching and Chef agent installation with RAM-based image sharing—eliminating manual AMI permission management. Option A relies on custom scripting, increasing maintenance overhead. Option C introduces complexity via Systems Manager Automation and external scripts. Option D adds unnecessary dependency on Parameter Store and cross-account referencing. Option B delivers the highest automation level and lowest operational overhead, satisfying the minimal management effort requirement.