Exam AWS Certified DevOps Engineer - Professional DOP-C02 topic 1 question 21 discussion

The question wants you to know which solution is the easiest to maintain. It's important not to get thrown by information provided about their current environment. Only the question they ask matters. The question asks which solution is the easiest to "maintain". The question did not ask whether it would be easy to transition from one solution to another or ask you to leverage containers like other parts of their environment. As a managed service, AWS CodeBuild does not require patching and upgrading. AWS CodeBuild, using Amazon S3, provides automatic artifact encryption. So this solution is the easiest to maintain of all the solutions listed. https://docs.aws.amazon.com/codebuild/latest/userguide/welcome.html https://docs.aws.amazon.com/codebuild/latest/userguide/security-encryption.html

While B will require less changes to the build process I assume AWS is promoting managed services here and expects D answer.

The answer is B Containerized Jenkins on ECS: By deploying Jenkins on Amazon ECS (Elastic Container Service), you can leverage containerized environments to easily scale and manage Jenkins. This reduces the operational overhead of patching and upgrading EC2 instances running Jenkins. Artifact Storage with Encryption:Storing build artifacts in Amazon S3 with default encryption enabled ensures that all files in the bucket are automatically encrypted at rest using either SSE-S3 or SSE-KMS. This complies with the requirement to protect intellectual property by ensuring encryption of artifacts. This approach ensures a fully managed and scalable solution for both Jenkins (containerized) and the artifact storage, aligning with best practices for security and compliance.

while option D could be easier for simple projects or when starting from scratch, it may not be the most maintainable solution for a company that already has a significant investment in Jenkins. Option B provides a balanced approach, leveraging Jenkins' capabilities while improving infrastructure management and security.

AWS codebuild use kms encryption key by default

"D" for me based on sb333's comments, etc.

D isn't cost effective, but most maintainable

Answer is D AWS CodeBuild can be seamlessly integrated with containerized applications deployed on Amazon ECS. AWS CodeBuild utilizes multiple layers of encryption to safeguard your data at rest, in transit, and during execution.

D Seems the best option

D is correct: codebuild has encryption by default -> easiest to maintain A: No mention of encrypting build artifacts B: Amazon S3 excryption only protect data at rest, not encrypting the data C: Using both AWS codepipline and AWS secret manager incurs more costs and makes maintenance much more difficult

D is the right answer

D is the right answer

B is the answer . The ask is not to re engineer the whole solution it's just a simple task which needs encrypt the artifact. Jenkins on Amazon ECS: Running Jenkins in an Amazon ECS cluster allows you to containerize your Jenkins setup, making it easier to manage and scale. ECS offers high availability, scalability, and easy maintenance. Normally Jenkin should run on ECS so it can handle multiple agents while use S3 as the default encryption.

MOST maintainable manner is repacing jenkins with Codebuild a fully managed service If the question had been with minimal chnage to the envornment then B would be best

Answer is D: MOST maintainable manner/managed service is the key word and there is no need to patch and upgrade. There is ECS with EC2 instances and ECS with fargate and the question is not explicit. Hence maintenance wise, a managed service is the way to go. https://jenkinshero.com/jenkins-vs-aws-codebuild-for-building-docker-images/

Technically CodeBuild runs on a VM… albeit disposable. Switching on EC2 24/7 is not cost effective either.

D. Use AWS CodeBuild with artifact encryption to replace the Jenkins instance running on EC2 instances. Explanation: AWS CodeBuild is a fully managed continuous integration service that compiles source code, runs tests, and produces software packages that are ready to deploy. With CodeBuild, you don’t need to provision, manage, and scale your own build servers. It also provides built-in support for artifact encryption, which would satisfy the compliance officer's requirements. This would eliminate the need for patching and upgrading Jenkins on EC2 instances, as well as the need to handle encryption at the storage level.