
A company utilizes AWS Organizations for managing a multi-account structure, encompassing hundreds of AWS accounts with expectations of further growth. The company is developing a new application that relies on Docker images, which will be pushed to Amazon Elastic Container Registry (Amazon ECR). Access to these images should be restricted to accounts within the company's AWS Organization. The company maintains a frequent CI/CD process and wishes to retain all tagged images, but only the five most recent untagged images. What solution offers the least operational overhead to meet these requirements?
A. Establish a private repository in Amazon ECR. Implement a permissions policy for the repository that permits only necessary ECR operations, with a condition allowing these operations if the aws:PrincipalOrgID condition key matches the company's organization ID. Incorporate a lifecycle rule in the ECR repository to remove untagged images beyond the five most recent.

B. Set up a public repository in Amazon ECR. Create an IAM role within the ECR account, granting permissions for any account to assume the role if the aws:PrincipalOrgID condition key matches the company's organization ID. Include a lifecycle rule in the ECR repository to delete untagged images beyond the five most recent.

C. Create a private repository in Amazon ECR. Develop a permissions policy for the repository that allows only necessary ECR operations, with a condition permitting these operations for all account IDs within the organization. Schedule a daily Amazon EventBridge rule to trigger an AWS Lambda function that deletes untagged images beyond the five most recent.

D. Configure a public repository in Amazon ECR. Set up an interface VPC endpoint for Amazon ECR with an endpoint policy that includes the necessary permissions for image pulls required by the company. Include a condition allowing ECR operations for all account IDs within the company's organization. Schedule a daily Amazon EventBridge rule to activate an AWS Lambda function that removes untagged images beyond the five most recent.
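To make the two mechanisms the options refer to concrete, the following added example (not part of the original question or of any AWS documentation) builds an ECR repository policy that grants pull actions only when the caller's aws:PrincipalOrgID matches an organization ID, builds a lifecycle policy that expires untagged images beyond the five most recent, and simulates locally which images that rule would expire. The organization ID `o-exampleorgid`, the image digests and the push timestamps are constructed placeholders; `simulate_lifecycle` reproduces the documented `imageCountMoreThan` semantics and is not the ECR service itself.

```python
import json
from datetime import datetime, timedelta, timezone

# Constructed placeholder; a real organization ID has the form o-xxxxxxxxxx.
ORG_ID = "o-exampleorgid"


def build_repository_policy(org_id: str) -> dict:
    """Repository-level policy: pull-only actions, allowed for any principal
    whose account belongs to the given AWS Organization.
    Note: ecr:GetAuthorizationToken is a registry-level action and must be
    granted in the caller's IAM policy, not in a repository policy."""
    return {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "AllowPullFromOrganization",
                "Effect": "Allow",
                "Principal": "*",
                "Action": [
                    "ecr:BatchGetImage",
                    "ecr:GetDownloadUrlForLayer",
                    "ecr:BatchCheckLayerAvailability",
                ],
                # Principal "*" is narrowed by the condition: only identities
                # inside the organization satisfy aws:PrincipalOrgID.
                "Condition": {"StringEquals": {"aws:PrincipalOrgID": org_id}},
            }
        ],
    }


def build_lifecycle_policy(keep_untagged: int = 5) -> dict:
    """Lifecycle policy with one rule: expire untagged images once more than
    `keep_untagged` exist. Tagged images match no rule and are retained."""
    return {
        "rules": [
            {
                "rulePriority": 1,
                "description": f"Keep only the {keep_untagged} most recent untagged images",
                "selection": {
                    "tagStatus": "untagged",
                    "countType": "imageCountMoreThan",
                    "countNumber": keep_untagged,
                },
                "action": {"type": "expire"},
            }
        ]
    }


def simulate_lifecycle(images: list, policy: dict) -> set:
    """Return the digests an imageCountMoreThan/untagged rule would expire.
    `images` is a list of dicts with keys 'digest', 'tags' (list) and
    'pushed_at' (datetime). Newest images are ranked first, as ECR does."""
    rule = policy["rules"][0]
    assert rule["selection"]["tagStatus"] == "untagged"
    assert rule["selection"]["countType"] == "imageCountMoreThan"
    keep = rule["selection"]["countNumber"]
    untagged = [img for img in images if not img["tags"]]
    untagged.sort(key=lambda img: img["pushed_at"], reverse=True)
    return {img["digest"] for img in untagged[keep:]}


def sample_images() -> list:
    """Constructed repository contents: 7 untagged images pushed a day apart
    (u1 oldest, u7 newest) plus 2 tagged release images."""
    base = datetime(2024, 1, 1, tzinfo=timezone.utc)
    images = [
        {"digest": f"sha256:u{i}", "tags": [], "pushed_at": base + timedelta(days=i)}
        for i in range(1, 8)
    ]
    images.append({"digest": "sha256:t1", "tags": ["v1.0"], "pushed_at": base})
    images.append({"digest": "sha256:t2", "tags": ["v1.1"], "pushed_at": base + timedelta(days=10)})
    return images


if __name__ == "__main__":
    print(json.dumps(build_repository_policy(ORG_ID), indent=2))
    print(json.dumps(build_lifecycle_policy(), indent=2))
    # With 7 untagged images and a keep count of 5, the two oldest
    # untagged digests (u1, u2) are expired; tagged images are untouched.
    print(sorted(simulate_lifecycle(sample_images(), build_lifecycle_policy())))
```

Both JSON documents are what `aws ecr set-repository-policy --policy-text` and `aws ecr put-lifecycle-policy --lifecycle-policy-text` accept as input. The simulation shows that tagged images never match the rule regardless of age, and that the count is evaluated over untagged images only.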