A company is using AWS Organizations to create separate AWS accounts for each of its departments. It needs to automate the following tasks:
Updating the Linux AMIs with new patches periodically and generating a golden image
Installing a new version of Chef agents in the golden image, if available
Enforcing the use of the newly generated golden AMIs in the department's account
Which option requires the LEAST management overhead?
A DevOps engineer has automated a web service deployment using AWS CodePipelme with the following steps:
• An AWS CodeBuild project compiles the deployment artifact and runs unit tests.
• An AWS CodeDeploy deployment group deploys the web service to Amazon EC2 instances in the staging environment.
• A CodeDeploy deployment group deploys the web service to EC2 instances in the production environment
The quality assurance (QA) team has asked for permission to inspect the build artifact before the deployment to the production environment occurs. The OA team wants to run an internal automated penetration testing tool (invoked using a REST API call) to run some manual tests.
Which combination of actions will fulfill this request? (Select TWO.)
A company uses federated access for its AWS environment The available roles are created and managed using AWS CloudFormation from a CI/CD pipeline. All changes should be made to the IAM roles through the pipeline. The security team found that changes are being made to the roles out-of-band and would like to detect when this occurs.
Which action will accomplish this?
A web application has been deployed using an AWS Elastic Beanstalk application The Application Developers are concerned that they are seeing high latency in two different areas of the application: HTTP client requests to a third-party API MySQL client library queries to an Amazon RDS database A DevOps Engineer must gather trace data to diagnose the issues. Which steps will gather the trace information with the LEAST amount of changes and performance impacts to the application?