Exam AWS DevOps Engineer Professional topic 1 question 92 discussion

Pretty sure B would work, but D is the most sustainable solution.

Correct answer is D. All options can work but the key part of the question is finding the solution that will be the MOST maintainable. AWS CodeBuild provides a fully managed build service which eliminates the need to set up, patch, and maintain your own build servers, which Jenkins on Amazon EC2 requires. AWS CodeBuild is essentially a "serverless" build service, where you only pay for the build time you use, and it scales automatically to meet the needs of your builds. CodeBuild also has built-in support for producing encrypted build artifacts. This would satisfy the compliance officer's request for encrypting build artifacts containing intellectual property. By managing both the build process and artifact encryption within a single service, the solution remains simple and maintainable.

Correct answer is B... containerized ::: ECS would be the best and most maintainable.. We don't have to replace jenkins, company is already using jenkins man..

B deploying Jenkins to an Amazon ECS cluster and copying build artifacts to an Amazon S3 bucket with default encryption enabled provides a straightforward solution that aligns with the current workflow and requires minimal changes. This option provides a more maintainable solution that satisfies the compliance officer's request for encrypting build artifacts.

D is the correct answer.

B = " MOST maintainable manner"

https://docs.aws.amazon.com/codebuild/latest/userguide/security-encryption.html

D is the correct answer.

Build artifact encryption - CodeBuild requires access to an AWS KMS CMK in order to encrypt its build output artifacts. By default, CodeBuild uses an AWS Key Management Service CMK for Amazon S3 in your AWS account. If you do not want to use this CMK, you must create and configure a customer-managed CMK.