DOP-C02 Exam Dumps : AWS Certified DevOps Engineer - Professional

To add an automated test in AWS CodePipeline that checks the HTTP response code of a deployed application, the most straightforward and operationally efficient method is to create an AWS Lambda function that makes an HTTP request to the application URL, checks the response code, and then reports success or failure back to CodePipeline.

The Lambda function can be invoked as an action in the pipeline stage.

If the response code is not 200 OK, the Lambda function can return a failure, causing the pipeline stage to fail and halt further execution.

Option A’s CloudWatch synthetic canary monitors are useful for ongoing monitoring but are not natively integrated as CodePipeline actions to control pipeline flow.

Option C incorrectly uses CodeDeploy action for testing, which is not designed for this purpose.

Option D introduces unnecessary complexity by deploying API Gateway and Device Farm, which is not required for a simple HTTP status check. Therefore, option B provides a clean, simple, and fully automated way to enforce HTTP response validation within the pipeline.

Reference from AWS Official Documentation:

AWS CodePipeline Custom Actions: " You can create Lambda invoke actions in your pipeline stages to run custom validation or testing functions. " (AWS CodePipeline User Guide - Lambda Actions)

AWS Lambda Function for Health Checks: " Lambda functions can be used to perform health checks or API response validations and report results back to invoking services. " (AWS Lambda Developer Guide)

Step 1: Storing Docker Images in Amazon ECRDocker images can be large, and storing them in a centralized, scalable location can greatly reduce build times. Amazon Elastic Container Registry (ECR) is a fully managed container registry that stores, manages, and deploys Docker container images.

Action: Store the Docker images in an ECR repository.

Why: Storing Docker images in ECR ensures that Docker images can be reused across multiple builds, improving build performance by avoiding the need to rebuild the images from scratch.

Option A best matches the requirement in the simplest, most direct way:

Systems Manager State Manager is designed to apply and maintain a desired state on managed instances by running associations on a schedule or continuously across targets (for example, “all managed nodes”).

By using a Systems Manager document in the association that installs the antivirus package (and can be written to be idempotent: “install only if not present”), State Manager both detects drift (software missing) and remediates it automatically by reapplying the desired configuration.

This approach automatically covers all instances that are managed by Systems Manager (which is typically the standard requirement for fleet management on Amazon Linux).

Why the others are more overhead or not as direct:

B can work, but it requires building and operating a custom Config rule plus remediation wiring. That’s more components and maintenance than State Manager for a straightforward “ensure software is installed” task.

C Amazon Inspector is a vulnerability management service; it’s not the primary tool for “ensure a specific software package is installed everywhere” and “remediate via SSM doc” as a desired-state control.

D only detects new instances at launch time via CloudTrail RunInstances, and then you still need Inventory correlation logic. It’s more complex and can miss already-running instances unless additional logic is added.