What is the MOST scalable solution that meets these requirements?
Direct the security team to use CloudFormation to create new versions of the AMIs and to list the AMI ARNs in an encrypted Amazon S3 object as part of the stack’s Outputs section. Instruct the developers to use a cross-stack reference to load the encrypted S3 object and obtain the most recent AMI ARNs.
Direct the security team to use a CloudFormation stack to create an AWS CodePipeline pipeline that builds new AMIs and places the latest AMI ARNs in an encrypted Amazon S3 object as part of the pipeline output. Instruct the developers to use a cross-stack reference within their own CloudFormation template to obtain the S3 object location and the most recent AMI ARNs.
Direct the security team to use Amazon EC2 Image Builder to create new AMIs and to place the AMI ARNs as parameters in AWS Systems Manager Parameter Store. Instruct the developers to specify a parameter of type SSM in their CloudFormation stack to obtain the most recent AMI ARNs from Parameter Store.
Direct the security team to use Amazon EC2 Image Builder to create new AMIs and to create an Amazon Simple Notification Service (Amazon SNS) topic so that every development team can receive notifications. When the development teams receive a notification, instruct them to write an AWS Lambda function that will update their CloudFormation stack with the most recent AMI ARNs.
Explanations:
Using CloudFormation to manage AMI ARNs via an encrypted S3 object is not the most scalable or efficient solution. Searching emails for AMI IDs and using cross-stack references both introduce unnecessary complexity.
Using AWS CodePipeline for AMI creation and referencing an encrypted S3 object adds complexity. CodePipeline is better suited for application deployment pipelines rather than managing AMI ARNs for infrastructure.
Amazon EC2 Image Builder can automate the creation of new AMIs, and storing AMI ARNs in AWS Systems Manager Parameter Store makes it easy for developers to reference the most recent AMIs in their CloudFormation stacks. This is scalable and simple.
Using Amazon SNS and Lambda to notify and update CloudFormation stacks introduces unnecessary manual intervention and complexity. This is less scalable than using Parameter Store, which allows direct retrieval of AMI information.
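
The Parameter Store option, sketched as a developer-side CloudFormation template. This is an added example, not part of the original question. The parameter path `/security/golden-ami/linux/latest`, the resource name and the instance type are assumptions, and the parameter is assumed to hold the AMI ID, which is the value `ImageId` accepts.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: Developer stack that resolves the approved AMI from Parameter Store

Parameters:
  ApprovedAmi:
    # SSM parameter type: CloudFormation reads the value from Parameter Store
    # during the stack operation, so the template never hard-codes an AMI.
    Type: AWS::SSM::Parameter::Value<AWS::EC2::Image::Id>
    # Assumed path, written by the security team's Image Builder pipeline.
    # Assumption: only that pipeline's role may write to this path, so
    # developers can read the approved AMI but cannot change it.
    Default: /security/golden-ami/linux/latest

Resources:
  AppInstance:
    Type: AWS::EC2::Instance
    Properties:
      # Resolves to the AMI ID currently stored in the parameter.
      ImageId: !Ref ApprovedAmi
      InstanceType: t3.micro
```

CloudFormation re-reads the parameter on each stack create or update, so a newly published AMI is picked up at the next stack update without editing the template.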