AWS Certified CloudOps Engineer Associate SOA-C03 Practice Question
A CloudOps engineer must provide a reliable, code-defined process to produce a patched and hardened Amazon Linux 2 golden AMI every month. After successful compliance tests, the image must automatically be copied to us-east-1 and eu-west-1 and shared with the staging and production AWS accounts. To control storage costs, only the two most recent image versions should be kept in each Region. Which solution meets these requirements with the least operational effort?
Use AWS Systems Manager Patch Manager to patch a long-running EC2 instance each month, then run an Automation workflow to create an AMI, copy it manually to the other Regions, share it through the console, and periodically delete outdated images by hand.
Create a Packer template and invoke it monthly from an AWS CodeBuild project triggered by EventBridge; add custom scripts to copy the AMI to each Region, adjust launch permissions for the other accounts, and schedule a Lambda function to delete older images.
Rely on separate launch templates and Auto Scaling groups in every account and Region, enable Instance Refresh so patched instances replace themselves monthly, and terminate old instances to save costs instead of managing AMIs.
Define an EC2 Image Builder pipeline in AWS CloudFormation that uses build and test components, runs on a monthly schedule, includes a distribution configuration that copies the AMI to us-east-1 and eu-west-1 and shares it with the staging and production accounts, and sets a lifecycle policy to retain only the two latest AMIs.