Question #604
An application uses an Amazon EC2 Auto Scaling group. The operations team observes that EC2 instances are delayed in reaching the 'InService' state during scale-out events due to prolonged execution of the User Data script. The team must reduce the instance initialization time while ensuring the latest application version is always available, all security updates are applied, and the number of custom images is minimized. The solution must also validate images before deployment. Which combination of steps should the team take to meet these requirements? (Choose two.)
Use EC2 Image Builder to create a custom AMI with all required security patches and monitoring agents pre-installed. Update the Auto Scaling group's launch template to reference the new AMI.
Use EC2 Image Builder to create a custom AMI that includes the latest application version, security patches, and runtime dependencies. Update the Auto Scaling group to use this AMI.
Configure AWS CodeDeploy to automatically deploy the most recent application version during the instance initialization phase.
Implement AWS CodePipeline to trigger application deployment directly after instance launch.
Modify the User Data script to remove steps that install security patches and runtime dependencies.
Explanation
Answer A reduces instance initialization time by pre-installing security patches and monitoring agents via a custom AMI created with EC2 Image Builder, which also validates images. Answer C ensures the latest application version is deployed using AWS CodeDeploy during instance initialization, avoiding the need to rebuild AMIs for each app update. Together, they minimize custom AMIs while meeting all requirements.
Options B and D are incorrect: B would require frequent AMI rebuilds for app updates, increasing custom images, while D does not address deployment during initialization. Option E is invalid as removing security steps without pre-installing them would violate requirements.
Answer
The correct answer is: AC