AWS Certified DevOps Engineer – Professional (DOP-C02) — Question 374

A company builds container images and stores them on Amazon Elastic Container Registry (Amazon ECR) in the company's primary AWS Region.

A DevOps engineer wants to replicate all the company's ECR repository images to a secondary Region. The DevOps engineer creates a new ECR repository in the secondary Region and configures permission on the new repository to allow replication.

Which solution will meet these requirements with the MOST operational efficiency?

Answer options

• A. Pull the existing primary ECR images and then push the images to the secondary ECR repository. Create a replication rule on the primary ECR registry to replicate the images to the secondary ECR registry.
• B. Pull the existing primary ECR images and then push the images to the secondary ECR repository. Configure permission on the primary ECR registry to allow access from the secondary Region.
• C. Configure permission on the primary ECR registry to allow access from the secondary Region. Create a replication rule on the primary ECR registry to replicate the images to the secondary ECR registry.
• D. Configure an AWS Lambda function to automatically save the ECR images to an Amazon S3 bucket. Configure cross-Region replication for the S3 bucket. Configure a second Lambda function to push the images to ECR repositories in the replication destination Region when images are replicated to the S3 bucket.

Correct answer: C

Explanation

Option C is correct because configuring Amazon ECR native cross-Region replication is the most operationally efficient solution, leveraging built-in registry configurations without manual image handling. Options A and B introduce unnecessary manual steps by requiring the engineer to pull and push images manually. Option D adds significant complexity and operational overhead by introducing AWS Lambda functions and Amazon S3 buckets instead of using native ECR replication features.