AWS Certified DevOps Engineer – Professional (DOP-C02) — Question 344
A company's DevOps team uses Node Package Manager (NPM) open source libraries to build applications. The DevOps team runs its application build process in an AWS CodeBuild project that downloads the NPM libraries from public NPM repositories.
The company wants to host the NPM libraries in private NPM repositories. The company also needs to be able to run checks on new versions of the libraries before the DevOps team uses the libraries.
Which solution will meet these requirements with the LEAST operational effort?
Answer options
- A. Create an AWS CodeArtifact repository with an upstream repository named npm-store. Configure the application build process to use the CodeArtifact repository as the default source for NPM. Create an AWS CodePipeline pipeline to perform the required checks on package versions in the CodeArtifact repository. Set the package status to unlisted if a failure occurs.
- B. Enable Amazon S3 caching in the CodeBuild project configuration. Add a step in the buildspec.yaml config file to perform the required checks on the package versions in the cache.
- C. Create an AWS CodeCommit repository for each library. Clone the required NPM libraries to the appropriate CodeCommit repository. Modify the CodeBuild appspec.yaml config file to use the private CodeCommit repositories. Add a step to perform the required checks on the package versions.
- D. Create an AWS CodeCommit repository for each library. Clone the required NPM libraries to the appropriate CodeCommit repository. Modify the CodeBuild buildspec.yaml config file so that NPM uses the private CodeCommit repositories. Add an AWS CodePipeline pipeline that performs the required checks on the package versions for each new commit to the repositories. Configure the pipeline to revert to the most recent commit in the event of a failure.
Correct answer: A
Explanation
AWS CodeArtifact is a fully managed artifact repository service that natively supports NPM, making it the ideal choice to host private packages and proxy public ones via upstream repositories with minimal operational overhead. Using AWS CodePipeline to automatically run validation checks and update the package status to 'unlisted' ensures only approved library versions are used by developers. The options involving CodeCommit (C and D) require high maintenance overhead for managing individual repositories per package, and CodeBuild caching (B) is not a secure or robust private package hosting solution.