A company is utilizing Amazon Elastic Container Service (Amazon ECS) for their containerized application on AWS. They require assurance that the container images are free from critical vulnerabilities and that access to these images is restricted to specific IAM roles and AWS accounts. What solution provides the least management overhead while meeting these security requirements?
Explanation:
The correct answer is C. Amazon Elastic Container Registry (ECR) with scan on push provides an integrated vulnerability scanning solution to ensure that container images are free from severe vulnerabilities. By publishing the images to ECR repositories in a centralized AWS account and configuring scan on push, the company can automatically scan images for vulnerabilities upon pushing them. Additionally, using a CI/CD pipeline to deploy the images to different AWS accounts ensures streamlined and consistent deployment. Repository policies and identity-based policies can then restrict access to the images to specific IAM roles and accounts, providing both security and ease of management.