Question 8
Domain 1: SDLC Automation
A DevOps administrator is configuring a repository to store a company's container images. The administrator needs to configure a lifecycle rule that automatically deletes container images that have a specific tag and that are older than 15 days. Which solution will meet these requirements with the MOST operational efficiency?
Correct answer: A
Explanation
Amazon ECR supports repository-level lifecycle policies that can “expire images” based on tag patterns and age, so it fits the requirement to delete images with a specific tag after 15 days. Using a lifecycle policy is the most operationally efficient option because it automates cleanup without manual intervention.
Why each option is right or wrong
A. Create a repository in Amazon Elastic Container Registry (Amazon ECR). Add a lifecycle policy to the repository to expire images that have the matching tag after 15 days.
Amazon ECR supports repository lifecycle policies, set through the Amazon ECR lifecycle policy API, which can match images by tag status and tag prefix and apply an expiration rule based on image age in days. In this case, a rule set to expire images with the specified tag after 15 days satisfies the exact retention condition, and ECR performs the deletion automatically without any custom scripts or manual cleanup.
B. Create a repository in AWS CodeArtifact. Add a repository policy to the CodeArtifact repository to expire old assets that have the matching tag after 15 days.
CodeArtifact is for software package artifacts, not container image lifecycle management.
C. Create a bucket in Amazon S3. Add a bucket lifecycle policy to expire old objects that have the matching tag after 15 days.
S3 lifecycle rules manage objects, but S3 is not a container registry with image tag semantics.
D. Create an EC2 Image Builder container recipe. Add a build component to expire the container that has the matching tag after 15 days.
EC2 Image Builder creates images; it is not the native service for expiring stored container images.
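The lifecycle rule described in option A, as an added example that is not part of the original question: it builds the ECR lifecycle policy document and runs a simplified local model of the rule over a constructed image inventory to confirm that only old, matching-tag images are selected. The tag prefix `nightly`, the helper names, and the sample images are assumptions.

```python
import json
from datetime import datetime, timedelta, timezone

TAG_PREFIX = "nightly"   # assumed prefix; the question does not name the tag
MAX_AGE_DAYS = 15        # retention period from the question

def build_policy(tag_prefix=TAG_PREFIX, days=MAX_AGE_DAYS):
    """Return an ECR lifecycle policy document for the rule in option A."""
    return {"rules": [{
        "rulePriority": 1,
        "description": f"Expire '{tag_prefix}*' images older than {days} days",
        "selection": {
            "tagStatus": "tagged",               # never touches untagged images
            "tagPrefixList": [tag_prefix],
            "countType": "sinceImagePushed",     # age is measured from push time
            "countUnit": "days",
            "countNumber": days,
        },
        "action": {"type": "expire"},
    }]}

def would_expire(policy, images, now):
    """Simplified local model (single rule, single prefix), not ECR itself."""
    sel = policy["rules"][0]["selection"]
    cutoff = now - timedelta(days=sel["countNumber"])
    prefix = sel["tagPrefixList"][0]
    return [img["digest"] for img in images
            if any(tag.startswith(prefix) for tag in img["tags"])
            and img["pushed_at"] < cutoff]

# Constructed sample inventory (digests shortened for readability)
NOW = datetime(2024, 6, 30, tzinfo=timezone.utc)
IMAGES = [
    {"digest": "sha256:aaa", "tags": ["nightly-0601"], "pushed_at": NOW - timedelta(days=29)},
    {"digest": "sha256:bbb", "tags": ["nightly-0628"], "pushed_at": NOW - timedelta(days=2)},
    {"digest": "sha256:ccc", "tags": ["release-1.4"], "pushed_at": NOW - timedelta(days=90)},
    {"digest": "sha256:ddd", "tags": [], "pushed_at": NOW - timedelta(days=90)},
]

if __name__ == "__main__":
    policy = build_policy()
    print(json.dumps(policy, indent=2))       # text to attach to the repository
    print(would_expire(policy, IMAGES, NOW))  # digests the rule would select
```

The printed JSON is the policy text to attach to the repository, for example with `aws ecr put-lifecycle-policy --lifecycle-policy-text`. ECR's lifecycle policy preview shows the real match set before the rule starts deleting images.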