Multiple Choice
A company wants to use Amazon ECS to provide a Docker container runtime environment. For compliance reasons, all Amazon EBS volumes used in the ECS cluster must be encrypted. Rolling updates will be made to the cluster instances and the company wants the instances drained of all tasks before being terminated. How can these requirements be met? (Select TWO.)
A) Modify the default ECS AMI user data to create a script that executes docker rm -f {id} for all running container instances. Copy the script to the /etc/init.d/rc.d directory and execute chconfig enabling the script to run during operating system shutdown.
B) Use AWS CodePipeline to build a pipeline that discovers the latest Amazon-provided ECS AMI, then copies the image to an encrypted AMI outputting the encrypted AMI ID. Use the encrypted AMI ID when deploying the cluster.
C) Copy the default AWS CloudFormation template that ECS uses to deploy cluster instances. Modify the template resource EBS configuration setting to set 'Encrypted: True' and include the AWS KMS alias: 'aws/ebs' to encrypt the AMI.
D) Create an Auto Scaling lifecycle hook backed by an AWS Lambda function that uses the AWS SDK to mark a terminating instance as DRAINING. Prevent the lifecycle hook from completing until the running tasks on the instance are zero.
E) Create an IAM role that allows the action ECS::EncryptedImage. Configure the AWS CLI and a profile to use this role. Start the cluster using the AWS CLI providing the --use-encrypted-image and --kms-key arguments to the create-cluster ECS command.
Correct Answer:

Verified