Q62 — AWS DOP-C02 Ch.3
A company uses Amazon Elastic Kubernetes Service (Amazon EKS) clusters to host machine learning (ML) applications. As ML models and container image sizes grow, new pods take up to 10 minutes to start. A developer needs to reduce startup time to seconds. The solution must reduce startup latency specifically for pods scheduled on recently added nodes in the cluster. The developer created an Amazon EventBridge rule that invokes AWS Systems Manager Automation. When a new image is pushed to the repository, the automation pulls the container image from Amazon Elastic Container Registry (Amazon ECR). The DevOps engineer configured tags on the EKS cluster and node groups. What should the DevOps engineer do to meet these requirements?
- A. Create an IAM role with a policy allowing EventBridge to invoke Systems Manager on the EKS cluster’s control plane nodes. Create a Systems Manager State Manager association using control plane node tags to prefetch the corresponding container images.
- B. Create an IAM role with a policy allowing EventBridge to invoke Systems Manager on the EKS cluster’s nodes. Create a Systems Manager State Manager association using node instance size to prefetch the corresponding container images.
- C. Create an IAM role with a policy allowing EventBridge to invoke Systems Manager on the EKS cluster’s nodes. Create a Systems Manager State Manager association using node tags to prefetch the corresponding container images. ✓
- D. Create an IAM role with a policy allowing EventBridge to invoke Systems Manager on the EKS cluster’s control plane nodes. Create a Systems Manager State Manager association using node tags to prefetch the corresponding container images.
Correct Answer: C. Create an IAM role with a policy allowing EventBridge to invoke Systems Manager on the EKS cluster’s nodes. Create a Systems Manager State Manager association using node tags to prefetch the corresponding container images.
Explanation
To reduce pod startup latency, container images must be pre-pulled onto worker nodes *before* pods are scheduled. Systems Manager State Manager associations apply configurations or run commands on EC2 instances that carry the targeted tags. A tag-targeted association also applies to instances that join later with the same tags, which is what covers recently added nodes. Since the goal is to prefetch images on newly added *worker nodes*, the target must be those nodes, not control plane nodes (which don’t run pods). Tags are the correct, flexible mechanism to identify target node groups; instance size is not a reliable or supported targeting method. The IAM role must grant EventBridge permission to invoke Systems Manager on *nodes*, and the State Manager association must use *node tags* to select targets. Only option C satisfies all conditions.