AWS Certified DevOps Engineer – Professional — Question 196

A company is using AWS Organizations to create separate AWS accounts for each of its departments. The company needs to automate the following tasks:
✑ Update the Linux AMIs with new patches periodically and generate a golden image
✑ Install a new version of Chef agents in the golden image, if available
✑ Provide the newly generated AMIs to the department's accounts
Which solution meets these requirements with the LEAST management overhead?

Answer options

• A. Write a script to launch an Amazon EC2 instance from the previous golden image. Apply the patch updates. Install the new version of the Chef agent, generate a new golden image, and then modify the AMI permissions to share only the new image with the department's accounts.
• B. Use Amazon EC2 Image Builder to create an image pipeline that consists of the base Linux AMI and components to install the Chef agent. Use AWS Resource Access Manager to share EC2 Image Builder images with the department's accounts.
• C. Use an AWS Systems Manager Automation runbook to update the Linux AMI by using the previous image. Provide the URL for the script that will update the Chef agent. Use AWS Organizations to replace the previous golden image in the department's accounts.
• D. Use Amazon EC2 Image Builder to create an image pipeline that consists of the base Linux AMI and components to install the Chef agent. Create a parameter in AWS Systems Manager Parameter Store to store the new AMI ID that can be referenced by the department's accounts.

Correct answer: B

Explanation

The correct answer is B because Amazon EC2 Image Builder efficiently automates the creation and management of AMIs with the least overhead by using an image pipeline. The other options involve more manual processes or additional complexity, leading to increased management overhead.