A company uses AWS CodeBuild to build a container image using Docker commands and initially stores the image in an Amazon S3 bucket, which the CodeBuild project's IAM service role has access to. The DevOps engineer now needs to store the container images in an Amazon Elastic Container Registry (Amazon ECR) repository instead. The engineer creates a private ECR repository in the same AWS Region as the CodeBuild project, adjusts the IAM service role permissions for ECR access, and updates the docker build and docker push commands in the buildspec.yml file with the new repository information. Despite these changes, the CodeBuild job fails when attempting to access the ECR repository. What solution will successfully resolve the issue of failed access to the ECR repository?

Exam-Like

Update the buildspec.yml file to log in to the ECR repository by using the aws ecr get-login-password AWS CLI command to obtain an authentication token. Update the docker login command to use the authentication token to access the ECR repository.

66.7%

Add an environment variable of type SECRETS_MANAGER to the CodeBuild project. In the environment variable, include the ARN of the CodeBuild project's IAM service role. Update the buildspec.yml file to use the new environment variable to log in with the docker login command to access the ECR repository._

0.0%

Update the ECR repository to be a public image repository. Add an ECR repository policy that allows the IAM service role to have access.

0.0%

Update the buildspec.yml file to use the AWS CLI to assume the IAM service role for ECR operations. Add an ECR repository policy that allows the IAM service role to have access.

33.3%

AWS Certified DevOps Engineer - Professional

Get started today

Comments