A company's security policies require the use of security hardened AMIs in production environments. A DevOps engineer has used EC2 Image Builder to create a pipeline that builds the AMIs on a recurring schedule.
The DevOps engineer needs to update the launch templates of the company's Auto Scaling groups. The Auto Scaling groups must use the newest AMIs during the launch of Amazon EC2 instances.
Which solution will meet these requirements with the MOST operational efficiency?
The solution that provides the most operational efficiency is to configure the Image Builder distribution settings to update the launch templates with the newest AMI. This ensures that the Auto Scaling groups will always launch instances using the latest AMI without requiring manual updates to the launch templates each time a new AMI is created. This method directly leverages the capabilities of Image Builder and automates the process, reducing manual intervention and thereby increasing operational efficiency.
D is correct: Image builder has a built-in that allow updating EC2 launch template A: AWS Systems Manager Run Command document is used for running scripts on EC2, not to update B: Lambda is used for other tasks, not this one C: This seems to be a feasible option, but we can update the launch template directly without using parameter store
Definitely D according to this: https://docs.aws.amazon.com/imagebuilder/latest/userguide/dist-using-launch-template.html
D is correct. Actually C is also a valid option to pass AMI ID into launch template, but it has lots of limitations and not used in enterprise environment
B seems like an option
now that I think twice about it, D seems to be the most operationally efficient. I change my answer to D.
Answer is D.
Given these options, C represents the most operationally efficient solution that meets the requirements. It automates the process of using the newest AMIs for EC2 instance launches within Auto Scaling groups by leveraging the AWS Systems Manager Parameter Store and EC2 Image Builder. This method ensures that the Auto Scaling groups always use the latest security-hardened AMIs without needing to manually update launch templates for each new AMI release, thereby streamlining operations and maintaining compliance with the company's security policies.
add Explanation 'c' cause = chat gpt4.0 = c and i think The most operationally efficient solution is to use AWS systems manager parameter store1 to store the ami di and reference it in the launch template2. this way, the launch template does not nned to be updated event titme a new ami is created by image buider, instead the image builder prpeline, can update the parameter store value with the newest ami id3,j and the auto scaling gorup can launch instances using the lastest value from parameter store
don't trust chat gpt to help you pass exam, studying is the right way. Question says "Which solution will meet these requirements with the MOST operational efficiency?" you are adding more steps than it needs in D. Option C involves using Systems Manager Parameter Store to manage the AMI ID, but it requires manual updates to the Parameter Store value, which may not be as efficient or automated as directly configuring Image Builder to update the launch templates remember that Parameter store is not supported in distribution settings of image builder
its D, 100% Configure the Image Builder distribution settings to update the launch templates with the newest AMI IConfigure the Auto Scaling groups to use the newest version of the launch template.
answer B
D is the correct and best practice suggested by aws https://docs.aws.amazon.com/imagebuilder/latest/userguide/dist-using-launch-template.html
ans is D
D is correct
C is not efficiency . https://aws.amazon.com/blogs/compute/tracking-the-latest-server-images-in-amazon-ec2-image-builder-pipelines/
C: This involves configuring the launch template to reference the AMI ID stored in the AWS Systems Manager Parameter Store. The EC2 Image Builder pipeline is then set up to update this Parameter Store value each time a new AMI is built. By doing so, the launch template always points to the latest AMI without requiring manual updates each time a new AMI is built. This approach automates the update process and ensures that Auto Scaling groups always use the most recent and secure AMIs, with minimal manual intervention and operational overhead.
Answers B, C, and D can work. I'm leaning towards "D", but I'm witholding a formal vote for now. It appears the "correct" answer may depend on how you interpret requirements. NOT B: EventBridge/Lamba can work, but not as simple as D or C. It DOES "update the launch templates of the company's Auto Scaling groups." NOT C: Answer C can work and is fairly simple, but it DOES NOT "update the launch templates of the company's Auto Scaling groups", because it does not need to, which could be argued is "operationally efficient". YES D: Seems like simple solution. ASG does need to be updated, but I don't know if that means defining someting like an $LATEST AMI alias (pointer) in ASG, or if ASG actually needs to be updated for each new version of Launch template. This solution could be more complex than C:.