Q8 — AWS DOP-C02 Ch.2
A company uses AWS Organizations to create a separate AWS account for each department. The company needs to automate the following tasks: regularly refresh patch updates on Linux AMIs and generate golden images; install new versions of the Chef agent in the golden images (as needed); and distribute newly generated golden images to departmental accounts.
- A. Write a script that launches an Amazon EC2 instance from the previous golden AMI, applies patch updates, installs the new Chef agent version, generates a new golden AMI, and then modifies the AMI permissions to share the new image only with the department’s account.
- B. Use Amazon EC2 Image Builder to create an image pipeline containing a base Linux AMI and components to install the Chef agent. Share the EC2 Image Builder image with departmental accounts using AWS Resource Access Manager. ✓
- C. Use AWS Systems Manager Automation runbooks to update the Linux AMI based on the previous image. Provide a URL to a script that updates the Chef agent. Use AWS Organizations to replace the previous golden image in departmental accounts.
- D. Use Amazon EC2 Image Builder to create an image pipeline containing a base Linux AMI and components to install the Chef agent. Create a parameter in AWS Systems Manager Parameter Store to store the new AMI ID, which departmental accounts can reference.
Correct Answer: B. Use Amazon EC2 Image Builder to create an image pipeline containing a base Linux AMI and components to install the Chef agent. Share the EC2 Image Builder image with departmental accounts using AWS Resource Access Manager.
Explanation
AWS documentation emphasizes Amazon EC2 Image Builder for automating the creation, maintenance, and validation of EC2 images, with support for scheduled updates and component management. AWS Resource Access Manager (RAM) enables cross-account resource sharing, which simplifies permission management. Option B combines Image Builder's pipeline capabilities for patching and Chef agent installation with RAM-based image sharing, eliminating manual AMI permission management. Option A relies on custom scripting, which increases maintenance overhead. Option C introduces complexity through Systems Manager Automation and external scripts. Option D adds an unnecessary dependency on Parameter Store and cross-account referencing. Option B delivers the highest level of automation and the lowest operational overhead, satisfying the minimal management effort requirement.