Which combination of steps should the company take to update the CI/CD pipeline solution and to configure CodeArtifact with the LEAST operational overhead?
(Choose two.)
Update the C1ICD pipeline to create a VM image that contains newly packaged software. Use AWS Import/Export to make the VM image available as an Amazon EC2 AMI. Launch the AMI with an attached IAM instance profile that allows CodeArtifact actions. Use AWS CLI commands to publish the packages to a CodeArtifact repository.
Create an AWS Identity and Access Management Roles Anywhere trust anchor. Create an IAM role that allows CodeArtifact actions and that has a trust relationship on the trust anchor. Update the on-premises CI/CD pipeline to assume the new IAM role and to publish the packages to CodeArtifact.
Create a new Amazon S3 bucket. Generate a presigned URL that allows the PutObject request. Update the on-premises CI/CD pipeline to use the presigned URL to publish the packages from the on-premises location to the S3 bucket. Create an AWS Lambda function that runs when packages are created in the bucket through a put command. Configure the Lambda function to publish the packages to CodeArtifact.
For each public repository, create a CodeArutact repository that is configured with an external connection. Configure the dependent repositories as upstream public repositories.
Create a Codeartitact repository that is configured with a set of external connections to the public repositories. Configure the external connections to be downstream of the repository.
Explanations:
This option suggests using AWS Import/Export to create an AMI from a VM image, which adds unnecessary complexity and operational overhead. Additionally, the use of AWS CLI commands to publish packages directly to CodeArtifact from an EC2 instance is not optimal, as it requires managing an EC2 instance.
This option provides a seamless way to integrate on-premises CI/CD pipelines with AWS CodeArtifact by allowing the pipeline to assume an IAM role with permissions for CodeArtifact. This approach minimizes operational overhead and enables secure interactions with AWS services directly from the on-premises environment.
While this option outlines a method to use an S3 bucket and Lambda to publish packages, it introduces multiple components (S3, presigned URLs, and Lambda), which increases operational complexity. This approach is less direct and requires additional management of Lambda functions and S3 permissions.
Creating CodeArtifact repositories with external connections for public repositories simplifies package management by allowing direct access to upstream repositories. This configuration enables the CI/CD pipeline to leverage public dependencies without significant overhead, streamlining the process.
This option suggests configuring a CodeArtifact repository with external connections but implies a downstream configuration, which could lead to unnecessary complexity. The goal is to simplify access to public repositories rather than create a convoluted dependency chain.
From what I’ve heard, the answer is:
Create an AWS Identity and Access Management Roles Anywhere trust anchor. Create an IAM role that allows CodeArtifact actions and that has a trust relationship on the trust anchor. Update the on-premises CI/CD pipeline to assume the new IAM role and to publish the packages to CodeArtifact.