Exam AWS Certified DevOps Engineer - Professional DOP-C02 topic 1 question 175 discussion

D is correct: Image builder has a built-in that allow updating EC2 launch template A: AWS Systems Manager Run Command document is used for running scripts on EC2, not to update B: Lambda is used for other tasks, not this one C: This seems to be a feasible option, but we can update the launch template directly without using parameter store

Definitely D according to this: https://docs.aws.amazon.com/imagebuilder/latest/userguide/dist-using-launch-template.html

Using Parameter Store as a centralized AMI reference ensures that new instances always use the latest AMI with minimal operational overhead.

I would go with C even when D seems to be the primary choice. In D, you would need to maintain all of the launchTemplateConfigurations in a list, which means there is a lot of overhead. With C this is not the case

Answers B, C, and D can work. I'm leaning towards "D", but I'm witholding a formal vote for now. It appears the "correct" answer may depend on how you interpret requirements. NOT B: EventBridge/Lamba can work, but not as simple as D or C. It DOES "update the launch templates of the company's Auto Scaling groups." NOT C: Answer C can work and is fairly simple, but it DOES NOT "update the launch templates of the company's Auto Scaling groups", because it does not need to, which could be argued is "operationally efficient". YES D: Seems like simple solution. ASG does need to be updated, but I don't know if that means defining someting like an $LATEST AMI alias (pointer) in ASG, or if ASG actually needs to be updated for each new version of Launch template. This solution could be more complex than C:.

C: This involves configuring the launch template to reference the AMI ID stored in the AWS Systems Manager Parameter Store. The EC2 Image Builder pipeline is then set up to update this Parameter Store value each time a new AMI is built. By doing so, the launch template always points to the latest AMI without requiring manual updates each time a new AMI is built. This approach automates the update process and ensures that Auto Scaling groups always use the most recent and secure AMIs, with minimal manual intervention and operational overhead.

ans is D

D is the correct and best practice suggested by aws https://docs.aws.amazon.com/imagebuilder/latest/userguide/dist-using-launch-template.html

answer B

C is not efficiency . https://aws.amazon.com/blogs/compute/tracking-the-latest-server-images-in-amazon-ec2-image-builder-pipelines/

its D, 100% Configure the Image Builder distribution settings to update the launch templates with the newest AMI IConfigure the Auto Scaling groups to use the newest version of the launch template.

add Explanation 'c' cause = chat gpt4.0 = c and i think The most operationally efficient solution is to use AWS systems manager parameter store1 to store the ami di and reference it in the launch template2. this way, the launch template does not nned to be updated event titme a new ami is created by image buider, instead the image builder prpeline, can update the parameter store value with the newest ami id3,j and the auto scaling gorup can launch instances using the lastest value from parameter store

Given these options, C represents the most operationally efficient solution that meets the requirements. It automates the process of using the newest AMIs for EC2 instance launches within Auto Scaling groups by leveraging the AWS Systems Manager Parameter Store and EC2 Image Builder. This method ensures that the Auto Scaling groups always use the latest security-hardened AMIs without needing to manually update launch templates for each new AMI release, thereby streamlining operations and maintaining compliance with the company's security policies.

D is correct. Actually C is also a valid option to pass AMI ID into launch template, but it has lots of limitations and not used in enterprise environment

Answer is D.

D is correct

B seems like an option