Registering On-Premises Ubuntu Server in AWS CodeDeploy | DOP-C01 Exam Answer

How to Register an On-Premises Ubuntu Server in AWS CodeDeploy


Question

Your company owns an on-premises Ubuntu server in a local data center where several legacy applications are running.

You want to use AWS CodeDeploy to deploy new application revisions to this on-premises instance, but first you need to register the server in CodeDeploy and use an IAM user for authentication.

Which of the following methods is the most appropriate?

Answers

Explanations


A. B. C. D.

Correct Answer - C.

Option A is incorrect because, for on-premises instances in CodeDeploy, the AWS CLI register command can register only an IAM user, not an IAM role, for authentication.

Option B is incorrect because the server cannot be registered automatically.

You will need to use the register command to register the on-premises instance.

Option C is CORRECT because the register command can create an IAM user for the server and register the server with CodeDeploy.

The following is an example:

aws deploy register --instance-name AssetTag12010298EX --tags Key=Name,Value=CodeDeployDemo-OnPrem --region us-west-2

Option D is incorrect because the tag-resource CLI command is used to associate a list of tags with the resources and cannot register the on-premises servers with CodeDeploy.

Reference:

https://docs.aws.amazon.com/codedeploy/latest/userguide/on-premises-instances-register.html

https://docs.aws.amazon.com/codedeploy/latest/userguide/instances-on-premises-register-instance.html

The most appropriate method to register an on-premises server with CodeDeploy using an IAM user is to:

A. Create an IAM role for the on-premises server and assign the CodeDeploy permissions to the role. Use the register AWS CLI command to bind the IAM role with the server.

Explanation:

CodeDeploy is a fully managed deployment service provided by AWS that automates the deployment of applications to on-premises servers, Amazon EC2 instances, AWS Lambda functions, and even containers. CodeDeploy uses agents installed on the instances and servers that communicate with the CodeDeploy service. To use CodeDeploy with an on-premises server, you need to install the CodeDeploy agent on the server and register it with the CodeDeploy service.

To register an on-premises server with CodeDeploy and use an IAM user for authentication, you need to follow these steps:

  1. Create an IAM role for the on-premises server and assign the CodeDeploy permissions to the role:

    • Log in to the AWS Management Console and go to the IAM service.
    • Click on "Roles" and then "Create role."
    • Select "AWS service" and "EC2" as the use case.
    • Choose "CodeDeploy" as the service that will use the role.
    • Select the appropriate permissions for CodeDeploy, such as "CodeDeployFullAccess."
    • Name the role and create it.
  2. Install the CodeDeploy agent on the on-premises server:

    • Download the CodeDeploy agent package from the AWS website.
    • Install the agent on the server, following the instructions in the documentation.
  3. Use the register AWS CLI command to bind the IAM role with the server:

    • Install the AWS CLI on the on-premises server, following the instructions in the documentation.
    • Use the "register" command to register the server with CodeDeploy and specify the IAM role to use for authentication. For example: aws deploy register --instance-name <name> --iam-user-arn <IAM role ARN>

Using an IAM role for authentication is a more secure and manageable approach than using an IAM user. IAM roles provide temporary credentials that are automatically rotated and can be restricted to specific resources or actions, reducing the risk of credential compromise. IAM users, on the other hand, require permanent credentials that must be managed and rotated manually.

Option B is not the most appropriate method because including an IAM user in the CodeDeploy configuration file is not a secure way to authenticate with CodeDeploy. IAM users have permanent credentials that can be compromised and do not provide the same level of security as IAM roles.

Option C is not the most appropriate method because using the "deploy register" command does not create an IAM user but registers the server with CodeDeploy using the default IAM role. It also requires saving the IAM credentials on the server, which can be risky.

Option D is not the most appropriate method because the "deploy tag-resource" command is used to tag instances or servers for grouping and does not create an IAM user. It also does not provide a secure way to authenticate with CodeDeploy.
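
Registering with an IAM user leaves that user's long-lived access key in the CodeDeploy agent's on-premises configuration file, which is the risk the explanation above raises. The Python check below is an added example, not part of the original page or of AWS tooling; it audits that file, assuming the Ubuntu path /etc/codedeploy-agent/conf/codedeploy.onpremises.yml, an agent that runs as root, and a constructed sample with placeholder credentials.

```python
import tempfile
from pathlib import Path

# Constructed sample of /etc/codedeploy-agent/conf/codedeploy.onpremises.yml
# (placeholder key pair and account ID, not real credentials).
SAMPLE = """\
aws_access_key_id: AKIAIOSFODNN7EXAMPLE
aws_secret_access_key: wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
iam_user_arn: arn:aws:iam::111122223333:user/AssetTag12010298EX
region: us-west-2
"""
STATIC_KEYS = ("aws_access_key_id", "aws_secret_access_key")

def parse_config(text):
    """Parse the file's flat 'key: value' lines (no YAML library needed)."""
    conf = {}
    for line in text.splitlines():
        key, sep, value = line.split("#", 1)[0].partition(":")
        if sep:
            conf[key.strip()] = value.strip().strip("'\"")
    return conf

def audit(path):
    """Return a list of findings for one on-premises configuration file."""
    findings = []
    mode = Path(path).stat().st_mode & 0o777
    if mode & 0o077:  # assumption: the agent runs as root, so 0600 suffices
        findings.append(f"mode {mode:04o} lets group/other access the file")
    conf = parse_config(Path(path).read_text())
    stored = [k for k in STATIC_KEYS if conf.get(k)]
    if stored:
        findings.append("long-lived credentials stored: " + ", ".join(stored))
    if "iam_user_arn" in conf and "iam_session_arn" not in conf:
        findings.append("authenticates as IAM user " + conf["iam_user_arn"])
    return findings

def demo():
    """Audit the sample twice: world-readable first, then owner-only."""
    results = []
    with tempfile.TemporaryDirectory() as d:
        path = Path(d, "codedeploy.onpremises.yml")
        path.write_text(SAMPLE)
        for mode in (0o644, 0o600):
            path.chmod(mode)
            results.append(audit(path))
    return results

if __name__ == "__main__":
    for finding in demo()[0]:
        print("FINDING:", finding)
```

On a real host, call audit() on the configuration file itself; tightening the file mode removes only the first finding, because the stored key pair remains until the registration method changes.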