DOP-C02 · Question #146
DOP-C02 Question #146: Real Exam Question with Answer & Explanation
The correct answer is A: Update the buildspec.yml file to log in to the ECR repository by using the aws ecr get-login-password. When Docker communicates with an Amazon Elastic Container Registry (ECR) repository, it requires authentication. You can authenticate your Docker client to the Amazon ECR registry with the help of the AWS CLI (Command Line Interface). Specifically, you can use the "aws ecr get- l
Question
A company builds a container image in an AWS CodeBuild project by running Docker commands. After the container image is built, the CodeBuild project uploads the container image to an Amazon S3 bucket. The CodeBuild project has an IAM service role that has permissions to access the S3 bucket. A DevOps engineer needs to replace the S3 bucket with an Amazon Elastic Container Registry (Amazon ECR) repository to store the container images. The DevOps engineer creates an ECR private image repository in the same AWS Region of the CodeBuild project. The DevOps engineer adjusts the IAM service role with the permissions that are necessary to work with the new ECR repository. The DevOps engineer also places new repository information into the docker build command and the docker push command that are used in the buildspec.yml file. When the CodeBuild project runs a build job, the job fails when the job tries to access the ECR repository. Which solution will resolve the issue of failed access to the ECR repository?
Options
- AUpdate the buildspec.yml file to log in to the ECR repository by using the aws ecr get-login-password
- BAdd an environment variable of type SECRETS_MANAGER to the CodeBuild project. In the
- CUpdate the ECR repository to be a public image repository. Add an ECR repository policy that allows
- DUpdate the buildspec.yml file to use the AWS CLI to assume the IAM service role for ECR operations.
Explanation
When Docker communicates with an Amazon Elastic Container Registry (ECR) repository, it requires authentication. You can authenticate your Docker client to the Amazon ECR registry with the help of the AWS CLI (Command Line Interface). Specifically, you can use the "aws ecr get- login-password" command to get an authorization token and then use Docker's "docker login" command with that token to authenticate to the registry. You would need to perform these steps in your buildspec.yml file before attempting to push or pull images from/to the ECR repository.
Topics
Community Discussion
No community discussion yet for this question.