ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified DevOps Engineer - Professional DOP-C02 All Questions

View all questions & answers for the AWS Certified DevOps Engineer - Professional DOP-C02 exam
Go to Exam

Exam AWS Certified DevOps Engineer - Professional DOP-C02 topic 1 question 343 discussion

Exam question from Amazon's AWS Certified DevOps Engineer - Professional DOP-C02
Question #: 343
Topic #: 1
[All AWS Certified DevOps Engineer - Professional DOP-C02 Questions]

A company uses an AWS CodeArtifact repository to store Python packages that the company developed internally. A DevOps engineer needs to use AWS CodeDeploy to deploy an application to an Amazon EC2 instance. The application uses a Python package that is stored in the CodeArtifact repository. A BeforeInstall lifecycle event hook will install the package.

The DevOps engineer needs to grant the EC2 instance access to the CodeArtifact repository.

Which solution will meet this requirement?

  • A. Create a service-linked role for CodeArtifact. Associate the role with the EC2 instance. Use the aws codeartifact get-authorization-token CLI command on the instance.
  • B. Configure a resource-based policy for the CodeArtifact repository that allows the ReadFromRepository action for the EC2 instance principal.
  • C. Configure ACLs on the CodeArtifact repository to allow the EC2 instance to access the Python package.
  • D. Create an instance profile that contains an IAM role that has access to CodeArtifact. Associate the instance profile with the EC2 instance. Use the aws codeartifact login CLI command on the instance.
Show Suggested Answer Hide Answer
Suggested Answer: D 🗳️
by uncledana at Nov. 19, 2024, 11 a.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
GripZA
5 days, 14 hours ago
Selected Answer: B
just like other resource policies, CodeArtifact uses resource-based permissions to control access. Resource-based permissions let you specify who has access to a repository and what actions they can perform on it. By default, only the repository owner has access to a repository so implicit deny unless you apply a policy document that allows other IAM principals to access your repository. https://docs.aws.amazon.com/codeartifact/latest/ug/repo-policies.html
upvoted 1 times
...
Srikantha
3 weeks ago
Selected Answer: D
IAM role with CodeArtifact permissions: You need an IAM role attached to the EC2 instance (via instance profile) that grants permission to read from CodeArtifact. aws codeartifact login sets up your Python environment (e.g., pip) to authenticate to the CodeArtifact repository using temporary credentials tied to the instance’s IAM role. This is the recommended approach to grant secure and scalable access to CodeArtifact from EC2 instances.
upvoted 1 times
...
teo2157
4 months, 1 week ago
Selected Answer: D
Vote for D based on https://docs.aws.amazon.com/codeartifact/latest/ug/security-iam.html
upvoted 4 times
...
tinyshare
4 months, 2 weeks ago
Selected Answer: B
It is the resource allows who can use it, in this case, CodeArtifact. https://docs.aws.amazon.com/codeartifact/latest/ug/repo-policies.html
upvoted 3 times
...
uncledana
5 months, 1 week ago
Selected Answer: D
D. Create an instance profile that contains an IAM role that has access to CodeArtifact. Associate the instance profile with the EC2 instance. Use the aws codeartifact login CLI command on the instance. Explanation: To allow the EC2 instance to access the CodeArtifact repository, the EC2 instance must have the necessary IAM permissions to interact with AWS CodeArtifact. Here’s why option D is the best solution:
upvoted 4 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago