ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified DevOps Engineer - Professional DOP-C02 All Questions

View all questions & answers for the AWS Certified DevOps Engineer - Professional DOP-C02 exam
Go to Exam

Exam AWS Certified DevOps Engineer - Professional DOP-C02 topic 1 question 110 discussion

Exam question from Amazon's AWS Certified DevOps Engineer - Professional DOP-C02
Question #: 110
Topic #: 1
[All AWS Certified DevOps Engineer - Professional DOP-C02 Questions]

A company uses AWS CodeArtifact to centrally store Python packages. The CodeArtifact repository is configured with the following repository policy:



A development team is building a new project in an account that is in an organization in AWS Organizations. The development team wants to use a Python library that has already been stored in the CodeArtifact repository in the organization. The development team uses AWS CodePipeline and AWS CodeBuild to build the new application. The CodeBuild job that the development team uses to build the application is configured to run in a VPC. Because of compliance requirements, the VPC has no internet connectivity.

The development team creates the VPC endpoints for CodeArtifact and updates the CodeBuild buildspec.yaml file. However, the development team cannot download the Python library from the repository.

Which combination of steps should a DevOps engineer take so that the development team can use CodeArtifact? (Choose two.)

  • A. Create an Amazon S3 gateway endpoint. Update the route tables for the subnets that are running the CodeBuild job.
  • B. Update the repository policy’s Principal statement to include the ARN of the role that the CodeBuild project uses.
  • C. Share the CodeArtifact repository with the organization by using AWS Resource Access Manager (AWS RAM).
  • D. Update the role that the CodeBuild project uses so that the role has sufficient permissions to use the CodeArtifact repository.
  • E. Specify the account that hosts the repository as the delegated administrator for CodeArtifact in the organization.
Show Suggested Answer Hide Answer
Suggested Answer: AD 🗳️
by Jowblow at May 8, 2023, 3:43 p.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
TroyMcLure
Highly Voted 1 year, 11 months ago
Selected Answer: AD
I guess the answer is AD because of this: "AWS CodeArtifact operates in multiple Availability Zones and stores artifact data and metadata in Amazon S3 and Amazon DynamoDB. Your encrypted data is redundantly stored across multiple facilities and multiple devices in each facility, making it highly available and highly durable." https://aws.amazon.com/codeartifact/features/ With no internet connectivity, a gateway endpoint becomes necessary to access S3.
upvoted 13 times
Arnaud92
1 year, 10 months ago
https://docs.aws.amazon.com/codeartifact/latest/ug/create-s3-gateway-endpoint.html It clearly state that you need to create a S3 endpoint to use codeartifact in a private network.
upvoted 8 times
vortegon
1 year, 2 months ago
An Amazon S3 endpoint is not needed when using Python or Swift package formats.
upvoted 5 times
syh_rapha
9 months, 2 weeks ago
When this question was created, there was no exception for Python and Swift packages. You can check this using the Wayback machine: https://web.archive.org/web/20230521063821/https://docs.aws.amazon.com/codeartifact/latest/ug/create-s3-gateway-endpoint.html Considering that it's very common to have outdated questions in the exam, I'd say this is one those cases. So yeah, I'll also go with AD (also because B is not needed since the repository policy is already allowing the entire org).
upvoted 2 times
...
...
...
RVivek
1 year, 7 months ago
A- incorrect because the question says Devops engineers careted VPC endpoints for CodeArtifact
upvoted 2 times
RVivek
1 year, 7 months ago
AD even though Devops engineer created a CodeArtifcat still a S3 end point is required
upvoted 2 times
Venki_dev
10 months, 1 week ago
note here says "An Amazon S3 endpoint is not needed when using Python or Swift package formats." https://docs.aws.amazon.com/codeartifact/latest/ug/create-s3-gateway-endpoint.html
upvoted 1 times
...
...
...
...
Jowblow
Highly Voted 1 year, 11 months ago
Selected Answer: AD
Codeartifact uses s3 gateway endpoints to store packages. The key word here are no internet access.
upvoted 6 times
...
79f3aa3
Most Recent 2 months ago
Selected Answer: BD
Two things that are clearly mentioned in the question: 1. Python library has already been stored in the CodeArtifact repository 2. VPC endpoint for CodeArtifact also have been configured The only thing left are the permissions to access CodeArtifact, which mean B and D.
upvoted 1 times
...
spring21
4 months, 3 weeks ago
Selected Answer: AD
AWS CodeArtifact stores artifact data and metadata in Amazon S3. To pull packages from CodeArtifact, you need to create an Amazon S3 gateway endpoint. You can use the aws ec2 create-vpc-endpoint AWS CLI command to create the endpoint.
upvoted 1 times
...
steli0
5 months ago
Selected Answer: BD
I vote for BD even though it's not so clear if both repo and CodeBuild are in the same org. Moreover, S3 GW endpoint auto-creates the routes with prefix-lists at your table. https://docs.aws.amazon.com/vpc/latest/privatelink/vpc-endpoints-s3.html#create-gateway-endpoint-s3 Nevertheless as mentioned here in AWS documentation that other users posted S3 . I hope this question is removed from the exam.
upvoted 1 times
...
[Removed]
8 months, 1 week ago
Selected Answer: AD
AD for me
upvoted 1 times
...
iulian0585
8 months, 3 weeks ago
Selected Answer: AD
https://docs.aws.amazon.com/codeartifact/latest/ug/create-s3-gateway-endpoint.html
upvoted 2 times
...
auxwww
9 months ago
B - doesn't make any sense because aws:PrincipalOrgID condition key in repo policy already allows any principal within the org to access the repo
upvoted 2 times
...
Venki_dev
10 months, 1 week ago
Selected Answer: BD
BD note here says "An Amazon S3 endpoint is not needed when using Python or Swift package formats." https://docs.aws.amazon.com/codeartifact/latest/ug/create-s3-gateway-endpoint.html
upvoted 1 times
...
zijo
10 months, 2 weeks ago
Selected Answer: CD
C is needed if the codeartifact and codebuild are in different organization accounts, AWS RAM is a service that allows you to share AWS resources with other AWS accounts within your organization. AWS RAM can be used to share CodeArtifact resources across different accounts. A is not needed you do not need an S3 gateway as a VPC endpoint specifically for using AWS CodeArtifact with Python packages. AWS CodeArtifact itself manages the storage and retrieval of packages, and it uses its own service endpoints for these operations. D is needed for Ensure the IAM role used by CodeBuild has permissions to access CodeArtifact B is not needed Here it is not required because the CodeArtifact policy has Principal as *
upvoted 3 times
...
that1guy
11 months, 2 weeks ago
Selected Answer: CD
C and D A - S3 gateway endpoint is not required for Python: https://docs.aws.amazon.com/codeartifact/latest/ug/create-s3-gateway-endpoint.html B - Principal is already "*".
upvoted 1 times
vn_thanhtung
11 months ago
Pls Read link https://docs.aws.amazon.com/ram/latest/userguide/shareable.html
upvoted 1 times
...
...
seetpt
11 months, 4 weeks ago
Selected Answer: AD
AD because Principal is already "*".
upvoted 2 times
...
xdkonorek2
12 months ago
Selected Answer: BD
as for A: "To pull packages from CodeArtifact, you must create a gateway endpoint for Amazon S3." but... "Note - An Amazon S3 endpoint is not needed when using Python or Swift package formats." https://docs.aws.amazon.com/codeartifact/latest/ug/create-s3-gateway-endpoint.html
upvoted 2 times
...
c3518fc
1 year ago
Selected Answer: BD
The issue here is policy update as the developers have already enabled VPC endpoint (CodeArtifact uses Amazon Simple Storage Service (Amazon S3) to store package assets. To pull packages from CodeArtifact, you must create a gateway endpoint for Amazon S3. When your build or deployment process downloads packages from CodeArtifact, it must access CodeArtifact to get package metadata and Amazon S3 to download package assets (for example, Maven .jar files). Note An Amazon S3 endpoint is not needed when using Python or Swift package formats. To create the Amazon S3 gateway endpoint for CodeArtifact, use the Amazon EC2 create-vpc-endpoint AWS CLI command. When you create the endpoint, you must select the route tables for your VPC. For more information, see Gateway VPC Endpoints in the Amazon Virtual Private Cloud User Guide.)
upvoted 4 times
c3518fc
1 year ago
https://docs.aws.amazon.com/codeartifact/latest/ug/create-s3-gateway-endpoint.html
upvoted 1 times
...
...
dkp
1 year ago
Selected Answer: BD
ANS B&D CodeArtifact uses Amazon Simple Storage Service (Amazon S3) to store package assets. To pull packages from CodeArtifact, you must create a gateway endpoint for Amazon S3. When your build or deployment process downloads packages from CodeArtifact, it must access CodeArtifact to get package metadata and Amazon S3 to download package assets (for example, Maven .jar files). Note An Amazon S3 endpoint is not needed when using Python or Swift package formats.
upvoted 4 times
...
WhyIronMan
1 year ago
Selected Answer: AD
A,D are correct
upvoted 3 times
...
kyuhuck
1 year, 2 months ago
Selected Answer: AD
'ad' correct = 'AWS codeartiface' operates in multiple availability zones and stores artiface data and metadata in amazon s3 and amazon dynamoDB your encrypted data is redundanly stored across myltiple facilities and multiple devices in each facility, marking it highly availiable and highly durable...
upvoted 3 times
...
Load full discussion...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago