What is the MOST scalable solution that meets these requirements?
Direct the security team to use CloudFormation to create new versions of the AMIs and to list the AMI ARNs in an encrypted Amazon S3 object as part of the stack’s Outputs section. Instruct the developers to use a cross-stack reference to load the encrypted S3 object and obtain the most recent AMI ARNs.
Direct the security team to use a CloudFormation stack to create an AWS CodePipeline pipeline that builds new AMIs and places the latest AMI ARNs in an encrypted Amazon S3 object as part of the pipeline output. Instruct the developers to use a cross-stack reference within their own CloudFormation template to obtain the S3 object location and the most recent AMI ARNs.
Direct the security team to use Amazon EC2 Image Builder to create new AMIs and to place the AMI ARNs as parameters in AWS Systems Manager Parameter Store. Instruct the developers to specify a parameter of type SSM in their CloudFormation stack to obtain the most recent AMI ARNs from Parameter Store.
Direct the security team to use Amazon EC2 Image Builder to create new AMIs and to create an Amazon Simple Notification Service (Amazon SNS) topic so that every development team can receive notifications. When the development teams receive a notification, instruct them to write an AWS Lambda function that will update their CloudFormation stack with the most recent AMI ARNs.
Explanations:
Using CloudFormation to create new AMI versions and listing them in an encrypted S3 object is not scalable. A stack's Outputs section exports plain string values, not S3 objects, and a cross-stack reference (Fn::ImportValue) cannot load or decrypt an object; each release would still need a manual update to the object and to every consuming stack, and AMIs are identified by AMI IDs, not ARNs.
Using AWS CodePipeline to build new AMIs is a reasonable automation approach, but storing the AMI IDs in an S3 object and relying on every development team to resolve the object location through a cross-stack reference adds complexity (the stack still needs extra logic to read the object) and does not give developers a direct way to pull the most recent AMI into their templates.
Using Amazon EC2 Image Builder to create new AMIs and publishing the resulting AMI IDs to AWS Systems Manager Parameter Store provides a scalable, automated way for developers to fetch the latest AMI ID directly in their CloudFormation stacks. A template parameter of type AWS::SSM::Parameter::Value<AWS::EC2::Image::Id> is resolved against Parameter Store (and validated as an AMI ID) each time the stack is created or updated, so the security team publishes once and every team picks up the new image on its next deployment without changing a template. Note that resolution happens at deploy time: a stack that is never updated keeps running on the AMI it was last deployed with, and developers need ssm:GetParameters permission on the parameter.
Using SNS notifications and requiring each development team to write a custom Lambda function that updates its own stack adds unnecessary complexity and duplicated code. It depends on every team acting on the notification, so it is neither as scalable nor as automated as the Parameter Store solution.
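The following CloudFormation template is an added example, not part of the original question or any AWS reference solution, showing the developer side of the correct answer. It assumes the security team's pipeline writes the latest AMI ID to a parameter named /golden-ami/amazon-linux-2023/latest (a hypothetical name); the parameter type tells CloudFormation to resolve that name in Parameter Store and validate the value as an AMI ID on every create or update.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: >
  Added example: launch an instance from the security team's latest
  golden AMI, resolved from SSM Parameter Store at deploy time.

Parameters:
  # The Default is the Parameter Store NAME, not an AMI ID. CloudFormation
  # looks the name up at create/update time and substitutes the current
  # value, rejecting anything that is not a valid AMI ID.
  # Parameter name is an assumption for this example.
  GoldenAmiParameter:
    Type: AWS::SSM::Parameter::Value<AWS::EC2::Image::Id>
    Default: /golden-ami/amazon-linux-2023/latest
    Description: SSM parameter holding the latest approved AMI ID

  InstanceType:
    Type: String
    Default: t3.micro

Resources:
  # Launch template instead of a bare instance so an Auto Scaling group
  # can roll out the new AMI on the next stack update.
  GoldenLaunchTemplate:
    Type: AWS::EC2::LaunchTemplate
    Properties:
      LaunchTemplateName: !Sub "${AWS::StackName}-golden"
      LaunchTemplateData:
        ImageId: !Ref GoldenAmiParameter   # resolved AMI ID, e.g. ami-0123456789abcdef0
        InstanceType: !Ref InstanceType
        MetadataOptions:
          HttpTokens: required             # enforce IMDSv2 on the golden image

Outputs:
  ResolvedAmiId:
    Description: AMI ID that was resolved from Parameter Store for this deployment
    Value: !Ref GoldenAmiParameter
```

Deploying with `aws cloudformation deploy --template-file template.yaml --stack-name golden-demo` picks up whatever AMI ID the parameter currently holds; re-running the same command after the security team updates the parameter produces a change set that swaps the ImageId, so the template itself never has to be edited. The ResolvedAmiId output is useful for audit, since it records which image a given deployment actually used.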