
Exam AWS Certified Solutions Architect - Professional SAP-C02 All Questions


Exam AWS Certified Solutions Architect - Professional SAP-C02 topic 1 question 307 discussion

A company uses AWS Organizations to manage a multi-account structure. The company has hundreds of AWS accounts and expects the number of accounts to increase. The company is building a new application that uses Docker images. The company will push the Docker images to Amazon Elastic Container Registry (Amazon ECR). Only accounts that are within the company’s organization should have access to the images.

The company has a CI/CD process that runs frequently. The company wants to retain all the tagged images. However, the company wants to retain only the five most recent untagged images.

Which solution will meet these requirements with the LEAST operational overhead?

  • A. Create a private repository in Amazon ECR. Create a permissions policy for the repository that allows only required ECR operations. Include a condition to allow the ECR operations if the value of the aws:PrincipalOrgID condition key is equal to the ID of the company’s organization. Add a lifecycle rule to the ECR repository that deletes all untagged images over the count of five.
  • B. Create a public repository in Amazon ECR. Create an IAM role in the ECR account. Set permissions so that any account can assume the role if the value of the aws:PrincipalOrgID condition key is equal to the ID of the company’s organization. Add a lifecycle rule to the ECR repository that deletes all untagged images over the count of five.
  • C. Create a private repository in Amazon ECR. Create a permissions policy for the repository that includes only required ECR operations. Include a condition to allow the ECR operations for all account IDs in the organization. Schedule a daily Amazon EventBridge rule to invoke an AWS Lambda function that deletes all untagged images over the count of five.
  • D. Create a public repository in Amazon ECR. Configure Amazon ECR to use an interface VPC endpoint with an endpoint policy that includes the required permissions for images that the company needs to pull. Include a condition to allow the ECR operations for all account IDs in the company’s organization. Schedule a daily Amazon EventBridge rule to invoke an AWS Lambda function that deletes all untagged images over the count of five.
Suggested Answer: A
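
Option A written out as the two JSON documents ECR takes (a repository policy and a lifecycle policy), with a local check of each. This is an added example, not part of the original question or discussion. The organization ID is a placeholder, the pull-only action list is an assumption about "only required ECR operations", and the helper functions and sample images are constructed for illustration.

```python
import json

ORG_ID = "o-exampleorgid"  # placeholder organization ID, not a real value

def repository_policy(org_id):
    # Pull-only actions are an assumption for "only required ECR operations".
    return {"Version": "2012-10-17", "Statement": [{
        "Sid": "AllowPullWithinOrganization",
        "Effect": "Allow",
        "Principal": "*",
        "Action": ["ecr:BatchCheckLayerAvailability", "ecr:BatchGetImage",
                   "ecr:GetDownloadUrlForLayer"],
        "Condition": {"StringEquals": {"aws:PrincipalOrgID": org_id}},
    }]}

def lifecycle_policy(keep=5):
    # Tagged images match no rule, so they are never expired.
    return {"rules": [{
        "rulePriority": 1,
        "description": "Expire untagged images beyond the newest %d" % keep,
        "selection": {"tagStatus": "untagged",
                      "countType": "imageCountMoreThan", "countNumber": keep},
        "action": {"type": "expire"},
    }]}

def unguarded_wildcard_sids(policy, org_id):
    """Sids of Allow statements open to any principal without the org condition."""
    bad = []
    for stmt in policy["Statement"]:
        principal = stmt.get("Principal")
        wildcard = principal == "*" or (isinstance(principal, dict) and principal.get("AWS") == "*")
        guard = stmt.get("Condition", {}).get("StringEquals", {}).get("aws:PrincipalOrgID")
        if stmt["Effect"] == "Allow" and wildcard and guard != org_id:
            bad.append(stmt.get("Sid", "<no Sid>"))
    return bad

def expired_digests(policy, images):
    """Local simulation of the rule: newest first, everything past the count expires."""
    sel = policy["rules"][0]["selection"]
    untagged = sorted((i for i in images if not i["tags"]),
                      key=lambda i: i["pushed_at"], reverse=True)
    return [i["digest"] for i in untagged[sel["countNumber"]:]]

# Constructed sample: 8 untagged CI builds (pushed_at 1..8) and 2 tagged releases.
IMAGES = [{"digest": "sha256:untagged%d" % n, "tags": [], "pushed_at": n} for n in range(1, 9)]
IMAGES += [{"digest": "sha256:release%d" % n, "tags": ["v%d" % n], "pushed_at": n} for n in (0, 9)]

if __name__ == "__main__":
    print(json.dumps(repository_policy(ORG_ID), indent=2))  # body for ECR SetRepositoryPolicy
    print(json.dumps(lifecycle_policy(), indent=2))         # body for ECR PutLifecyclePolicy
    print(expired_digests(lifecycle_policy(), IMAGES))
```

Because the condition matches on the organization ID rather than on account IDs, the repository policy does not change when accounts are added to the organization.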

Comments

AzureDP900
1 week ago
Option A. A private repository in Amazon ECR restricts access to only authorized accounts within the company's organization. The permissions policy ensures that only required ECR operations are allowed, reducing operational overhead. The condition in the permissions policy allows ECR operations for accounts within the company's organization, further reducing overhead. Finally, adding a lifecycle rule to delete untagged images over the count of five simplifies image management and reduces storage costs.
upvoted 1 times
ftaws
10 months ago
How to associate the policy in ECR repository? I think A is also wrong....
upvoted 1 times
shaaam80
11 months, 4 weeks ago
Answer A. Use ECR Lifecycle policy. Also, using OrgId is more scalable as more accounts are added than adding accounts individually. Less operational overhead.
upvoted 4 times
career360guru
1 year ago
Selected Answer: A
A is the right option.
upvoted 2 times
nublit
1 year ago
Selected Answer: A
Only A is a good idea
upvoted 2 times
Selected Answer: A
B, D: stop reading at "public repository"
A: policy specific to aws:PrincipalOrgId equal company's organization ID
C: policy allow all account ID (effectively the same actually) but use EventBridge + Lambda while ECR has lifecycle policy.
upvoted 4 times
s61
1 year ago
Selected Answer: A
Also A
upvoted 1 times
KungLjao
1 year ago
Selected Answer: A
A works for all requirements
upvoted 1 times