ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified DevOps Engineer - Professional DOP-C02 All Questions

View all questions & answers for the AWS Certified DevOps Engineer - Professional DOP-C02 exam
Go to Exam

Exam AWS Certified DevOps Engineer - Professional DOP-C02 topic 1 question 131 discussion

Exam question from Amazon's AWS Certified DevOps Engineer - Professional DOP-C02
Question #: 131
Topic #: 1
[All AWS Certified DevOps Engineer - Professional DOP-C02 Questions]

A company builds a container image in an AWS CodeBuild project by running Docker commands. After the container image is built, the CodeBuild project uploads the container image to an Amazon S3 bucket. The CodeBuild project has an IAM service role that has permissions to access the S3 bucket.

A DevOps engineer needs to replace the S3 bucket with an Amazon Elastic Container Registry (Amazon ECR) repository to store the container images. The DevOps engineer creates an ECR private image repository in the same AWS Region of the CodeBuild project. The DevOps engineer adjusts the IAM service role with the permissions that are necessary to work with the new ECR repository. The DevOps engineer also places new repository information into the docker build command and the docker push command that are used in the buildspec.yml file.

When the CodeBuild project runs a build job, the job fails when the job tries to access the ECR repository.

Which solution will resolve the issue of failed access to the ECR repository?

  • A. Update the buildspec.yml file to log in to the ECR repository by using the aws ecr get-login-password AWS CLI command to obtain an authentication token. Update the docker login command to use the authentication token to access the ECR repository.
  • B. Add an environment variable of type SECRETS_MANAGER to the CodeBuild project. In the environment variable, include the ARN of the CodeBuild project's IAM service role. Update the buildspec.yml file to use the new environment variable to log in with the docker login command to access the ECR repository.
  • C. Update the ECR repository to be a public image repository. Add an ECR repository policy that allows the IAM service role to have access.
  • D. Update the buildspec.yml file to use the AWS CLI to assume the IAM service role for ECR operations. Add an ECR repository policy that allows the IAM service role to have access.
Show Suggested Answer Hide Answer
Suggested Answer: A 🗳️
by tartarus23 at June 20, 2023, 9:05 p.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
tartarus23
Highly Voted 1 year, 4 months ago
Selected Answer: A
(A) When Docker communicates with an Amazon Elastic Container Registry (ECR) repository, it requires authentication. You can authenticate your Docker client to the Amazon ECR registry with the help of the AWS CLI (Command Line Interface). Specifically, you can use the "aws ecr get-login-password" command to get an authorization token and then use Docker's "docker login" command with that token to authenticate to the registry. You would need to perform these steps in your buildspec.yml file before attempting to push or pull images from/to the ECR repository.
upvoted 8 times
...
haazybanj
Highly Voted 1 year, 3 months ago
Selected Answer: A
A: When using Amazon ECR, you need to authenticate Docker to the ECR registry before pushing or pulling container images. The authentication token can be obtained using the aws ecr get-login-password AWS CLI command. The obtained token needs to be used with the docker login command to authenticate Docker to the ECR repository. By following this approach, the CodeBuild project will have the necessary credentials to access the ECR repository, and the build job will be able to push the container image to the ECR repository successfully.
upvoted 5 times
...
thanhnv142
Most Recent 8 months, 3 weeks ago
Selected Answer: A
A is correct: <the job fails when the job tries to access the ECR repository.> This means there is problem when accessing the repo. <adjusts the IAM service role with the permissions that are necessary to work with the new ECR repository> means have got sufficient permission. Need token to access with aws ecr get-login-password command BCD no mention of ecr get-login-password
upvoted 4 times
...
ixdb
1 year, 2 months ago
Selected Answer: A
A is right.
upvoted 3 times
...
CirusD
1 year, 3 months ago
A..version: 0.2 phases: pre_build: commands: - $(aws ecr get-login --no-include-email --region region-name) build: commands: - docker build -t repository-name . - docker tag repository-name:latest repository-uri:latest post_build: commands: - docker push repository-uri:latest
upvoted 3 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago