Which combination of steps will meet these requirements?
(Choose two.)
A. Create an AWS CodeCommit repository to store the Dockerfile and Kubernetes deployment files. Create a pipeline in AWS CodePipeline. Use an Amazon S3 event to invoke the pipeline when a newer version of the Dockerfile is committed. Add a step to the pipeline to initiate the AWS CodeBuild project.
B. Create an AWS CodeCommit repository to store the Dockerfile and Kubernetes deployment files. Create a pipeline in AWS CodePipeline. Use an Amazon EventBridge event to invoke the pipeline when a newer version of the Dockerfile is committed. Add a step to the pipeline to initiate the AWS CodeBuild project.
C. Create an AWS CodeBuild project that builds the Docker images and stores the Docker images in an Amazon Elastic Container Registry (Amazon ECR) repository. Turn on basic scanning for the ECR repository. Create an Amazon EventBridge rule that monitors Amazon GuardDuty events. Configure the EventBridge rule to send an event to an SNS topic when the finding-severity-counts parameter is more than 0 at a CRITICAL or HIGH level.
D. Create an AWS CodeBuild project that builds the Docker images and stores the Docker images in an Amazon Elastic Container Registry (Amazon ECR) repository. Turn on enhanced scanning for the ECR repository. Create an Amazon EventBridge rule that monitors ECR image scan events. Configure the EventBridge rule to send an event to an SNS topic when the finding-severity-counts parameter is more than 0 at a CRITICAL or HIGH level.
E. Create an AWS CodeBuild project that scans the Dockerfile. Configure the project to build the Docker images and store the Docker images in an Amazon Elastic Container Registry (Amazon ECR) repository if the scan is successful. Configure an SNS topic to provide notification if the scan returns any vulnerabilities.
Explanations:
A. While this option describes creating a CodeCommit repository and a pipeline in CodePipeline, it does not specify any scanning or notification steps. Additionally, using Amazon S3 events is not suitable for triggering the pipeline based on Dockerfile changes.
B. This option correctly uses AWS CodeCommit and AWS CodePipeline to automate the build process. It also suggests using Amazon EventBridge to invoke the pipeline based on changes to the Dockerfile, making it easier to manage updates. However, it does not directly address image scanning or notifications.
C. This option involves creating an ECR repository with basic scanning and monitors GuardDuty events, which are unrelated to Docker image scanning. It does not meet the requirement of notifying on HIGH or CRITICAL findings from image scans.
D. This option correctly implements a CodeBuild project for building Docker images and storing them in ECR with enhanced scanning. It utilizes an EventBridge rule to monitor ECR image scan events, sending notifications via SNS for HIGH or CRITICAL findings, fulfilling the requirements.
E. This option describes scanning the Dockerfile and building images conditionally based on scan success. However, it lacks direct integration with ECR scanning results and does not configure notifications for HIGH or CRITICAL findings specifically from image scans.