Exam AWS Certified DevOps Engineer - Professional DOP-C02 topic 1 question 21 discussion

The question wants you to know which solution is the easiest to maintain. It's important not to get thrown by information provided about their current environment. Only the question they ask matters. The question asks which solution is the easiest to "maintain". The question did not ask whether it would be easy to transition from one solution to another or ask you to leverage containers like other parts of their environment. As a managed service, AWS CodeBuild does not require patching and upgrading. AWS CodeBuild, using Amazon S3, provides automatic artifact encryption. So this solution is the easiest to maintain of all the solutions listed. https://docs.aws.amazon.com/codebuild/latest/userguide/welcome.html https://docs.aws.amazon.com/codebuild/latest/userguide/security-encryption.html

While B will require less changes to the build process I assume AWS is promoting managed services here and expects D answer.

Option B is the best, provides a solution that improves the maintainability of the Jenkins infrastructure by migrating it to a managed service like ECS, while also addressing the build artifact encryption requirement by utilizing the secure and default-encrypted storage of Amazon S3. Thinking in your deployment process in jenkins and change to codebuild, can be a difficult work to do. Change only the platform for ec2 to ecs you don't need to sustain patching and updates in ECS. And preserve your artifact on S3.

The answer is B Containerized Jenkins on ECS: By deploying Jenkins on Amazon ECS (Elastic Container Service), you can leverage containerized environments to easily scale and manage Jenkins. This reduces the operational overhead of patching and upgrading EC2 instances running Jenkins. Artifact Storage with Encryption:Storing build artifacts in Amazon S3 with default encryption enabled ensures that all files in the bucket are automatically encrypted at rest using either SSE-S3 or SSE-KMS. This complies with the requirement to protect intellectual property by ensuring encryption of artifacts. This approach ensures a fully managed and scalable solution for both Jenkins (containerized) and the artifact storage, aligning with best practices for security and compliance.

while option D could be easier for simple projects or when starting from scratch, it may not be the most maintainable solution for a company that already has a significant investment in Jenkins. Option B provides a balanced approach, leveraging Jenkins' capabilities while improving infrastructure management and security.

AWS codebuild use kms encryption key by default

"D" for me based on sb333's comments, etc.

D isn't cost effective, but most maintainable

Answer is D AWS CodeBuild can be seamlessly integrated with containerized applications deployed on Amazon ECS. AWS CodeBuild utilizes multiple layers of encryption to safeguard your data at rest, in transit, and during execution.

D Seems the best option

D is correct: codebuild has encryption by default -> easiest to maintain A: No mention of encrypting build artifacts B: Amazon S3 excryption only protect data at rest, not encrypting the data C: Using both AWS codepipline and AWS secret manager incurs more costs and makes maintenance much more difficult

D is the right answer

D is the right answer

B is the answer . The ask is not to re engineer the whole solution it's just a simple task which needs encrypt the artifact. Jenkins on Amazon ECS: Running Jenkins in an Amazon ECS cluster allows you to containerize your Jenkins setup, making it easier to manage and scale. ECS offers high availability, scalability, and easy maintenance. Normally Jenkin should run on ECS so it can handle multiple agents while use S3 as the default encryption.

MOST maintainable manner is repacing jenkins with Codebuild a fully managed service If the question had been with minimal chnage to the envornment then B would be best

Answer is D: MOST maintainable manner/managed service is the key word and there is no need to patch and upgrade. There is ECS with EC2 instances and ECS with fargate and the question is not explicit. Hence maintenance wise, a managed service is the way to go. https://jenkinshero.com/jenkins-vs-aws-codebuild-for-building-docker-images/

Technically CodeBuild runs on a VM… albeit disposable. Switching on EC2 24/7 is not cost effective either.