
A company runs a containerized application on Amazon ECS using EC2 instances in an Auto Scaling group. Container images are stored in Amazon ECR, and each new version is pushed with a unique tag. The company needs a solution that automatically scans each new image version for vulnerabilities, deletes the tags of images with Critical or High severity findings, and notifies the development team of each deletion. Which solution meets these requirements?
A. Enable 'scan on push' for the repository. Use Amazon EventBridge to trigger an AWS Step Functions state machine when a scan completes for an image with Critical or High severity findings. Have the state machine remove the image tags and notify the development team via Amazon SNS.
B. Enable 'scan on push' for the repository. Send scan results to an Amazon SQS queue. Use an AWS Lambda function that responds to new messages in the queue, deletes image tags for images with Critical or High severity findings, and notifies the development team through Amazon SES.
C. Schedule an AWS Lambda function to initiate a manual image scan hourly. Configure Amazon EventBridge to invoke a second Lambda function when a scan completes; that function deletes image tags for images with Critical or High severity findings and informs the development team using Amazon SNS.
D. Enable periodic image scanning for the repository. Send scan results to an Amazon SQS queue. Use an AWS Step Functions state machine that reacts to new messages in the queue, removes image tags for images with Critical or High severity findings, and alerts the development team via Amazon SES.