
Amazon SAP-C02: Secure and scalable containerized solution

Question

A company is planning to migrate an application to AWS. The application runs as a Docker container and uses an NFS version 4 file share. A solutions architect must design a secure and scalable containerized solution that does not require provisioning or management of the underlying infrastructure. Which solution will meet these requirements?

A. Deploy the application containers by using Amazon Elastic Container Service (Amazon ECS) with the Fargate launch type. Use Amazon Elastic File System (Amazon EFS) for shared storage. Reference the EFS file system ID, container mount point, and EFS authorization IAM role in the ECS task definition.
B. Deploy the application containers by using Amazon Elastic Container Service (Amazon ECS) with the Fargate launch type. Use Amazon FSx for Lustre for shared storage. Reference the FSx for Lustre file system ID, container mount point, and FSx for Lustre authorization IAM role in the ECS task definition.
C. Deploy the application containers by using Amazon Elastic Container Service (Amazon ECS) with the Amazon EC2 launch type and auto scaling turned on. Use Amazon Elastic File System (Amazon EFS) for shared storage. Mount the EFS file system on the ECS container instances. Add the EFS authorization IAM role to the EC2 instance profile.
D. Deploy the application containers by using Amazon Elastic Container Service (Amazon ECS) with the Amazon EC2 launch type and auto scaling turned on. Use Amazon Elastic Block Store (Amazon EBS) volumes with Multi-Attach enabled for shared storage. Attach the EBS volumes to ECS container instances. Add the EBS authorization IAM role to an EC2 instance profile.

Answer

A. Deploy the application containers by using Amazon Elastic Container Service (Amazon ECS) with the Fargate launch type. Use Amazon Elastic File System (Amazon EFS) for shared storage. Reference the EFS file system ID, container mount point, and EFS authorization IAM role in the ECS task definition.

Explanation

The question concerns migrating an application to AWS that runs as a Docker container and uses an NFS version 4 file share. The design must be a secure and scalable containerized solution that does not require provisioning or management of the underlying infrastructure. The solution that meets these requirements is A: deploy the application containers by using Amazon Elastic Container Service (Amazon ECS) with the Fargate launch type, use Amazon Elastic File System (Amazon EFS) for shared storage, and reference the EFS file system ID, container mount point, and EFS authorization IAM role in the ECS task definition.

  • Amazon ECS is a fully managed container orchestration service that allows you to run and scale Docker containers on AWS. You can use ECS with two launch types: Fargate or EC2. Fargate is a serverless compute engine that abstracts away the underlying infrastructure and lets you focus on your containers. EC2 is a scalable compute service that lets you choose and manage your own EC2 instances for your containers.
  • Amazon EFS is a fully managed file storage service that provides a simple, scalable, and elastic NFS file system for use with AWS cloud services and on-premises resources. You can use EFS to share data across multiple containers or instances within a VPC or across multiple VPCs using VPC peering or transit gateway.
  • An ECS task definition is a JSON document that describes one or more containers that form your application. It contains parameters such as container image, CPU and memory requirements, environment variables, network mode, volumes, and IAM role.
  • By using ECS with Fargate and EFS, you can deploy your application containers without provisioning or managing any servers or clusters. You can also use EFS for shared storage across your containers and leverage its high availability, durability, scalability, and security features. You can reference the EFS file system ID, container mount point, and EFS authorization IAM role in the ECS task definition to enable your containers to access the EFS file system.
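The task definition described above, together with a small check of its security-relevant EFS settings, as an added example that is not part of the original page. The file system ID, access point ID, role ARN, account number, image and names are constructed placeholders, and `check_efs_task` is a hypothetical helper; the field names are those of the ECS task definition format.

```python
# Constructed Fargate task definition; every ID, ARN, name and image is a placeholder.
TASK_DEF = {
    "family": "app",
    "requiresCompatibilities": ["FARGATE"],
    "networkMode": "awsvpc",
    "cpu": "256", "memory": "512",
    # Task role that the EFS IAM authorization uses when mounting.
    "taskRoleArn": "arn:aws:iam::111122223333:role/ExampleEfsTaskRole",
    "containerDefinitions": [{
        "name": "app", "image": "example/app:latest",
        "mountPoints": [{"sourceVolume": "shared", "containerPath": "/mnt/share"}],
    }],
    "volumes": [{
        "name": "shared",
        "efsVolumeConfiguration": {
            "fileSystemId": "fs-EXAMPLE",
            "transitEncryption": "ENABLED",
            "authorizationConfig": {"accessPointId": "fsap-EXAMPLE", "iam": "ENABLED"},
        },
    }],
}

def check_efs_task(td):
    """Hypothetical helper: return findings; an empty list means all checks passed."""
    findings = []
    if "FARGATE" not in td.get("requiresCompatibilities", []):
        findings.append("task is not declared for the Fargate launch type")
    if td.get("networkMode") != "awsvpc":
        findings.append("Fargate tasks require the awsvpc network mode")
    mounted = {m["sourceVolume"] for c in td.get("containerDefinitions", [])
               for m in c.get("mountPoints", [])}
    for vol in td.get("volumes", []):
        efs = vol.get("efsVolumeConfiguration")
        if efs is None:
            continue
        name = vol["name"]
        auth = efs.get("authorizationConfig", {})
        tls = efs.get("transitEncryption", "DISABLED") == "ENABLED"
        iam = auth.get("iam", "DISABLED") == "ENABLED"
        if not tls:
            findings.append(f"{name}: NFS traffic is not encrypted in transit")
        if not iam:
            findings.append(f"{name}: EFS IAM authorization is disabled")
        elif not td.get("taskRoleArn"):
            findings.append(f"{name}: IAM authorization needs a task role")
        if (iam or "accessPointId" in auth) and not tls:
            findings.append(f"{name}: IAM auth or an access point requires transit encryption")
        if name not in mounted:
            findings.append(f"{name}: no container mounts this volume")
    return findings
```
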

The other options are not correct because:

  • B. Deploy the application containers by using Amazon ECS with the Fargate launch type. Use Amazon FSx for Lustre for shared storage. Reference the FSx for Lustre file system ID, container mount point, and FSx for Lustre authorization IAM role in the ECS task definition. This option is not correct because Amazon FSx for Lustre is not compatible with an NFS version 4 file share. FSx for Lustre is a fully managed file system that provides high-performance storage for compute-intensive workloads such as machine learning, high performance computing (HPC), video processing, and financial modeling. FSx for Lustre provides a POSIX-compliant file system that is accessed from Linux-based instances using the Lustre client rather than an NFS client.
  • C. Deploy the application containers by using Amazon ECS with the Amazon EC2 launch type and auto scaling turned on. Use Amazon Elastic File System (Amazon EFS) for shared storage. Mount the EFS file system on the ECS container instances. Add the EFS authorization IAM role to the EC2 instance profile. This option is not correct because it requires provisioning or management of the underlying infrastructure. Using ECS with EC2 launch type means that you have to choose and manage your own EC2 instances for your containers. You also have to mount the EFS file system on each ECS container instance manually or using a user data script. This adds complexity and overhead to your solution.
  • D. Deploy the application containers by using Amazon ECS with the Amazon EC2 launch type and auto scaling turned on. Use Amazon Elastic Block Store (Amazon EBS) volumes with Multi-Attach enabled for shared storage. Attach the EBS volumes to ECS container instances. Add the EBS authorization IAM role to an EC2 instance profile. This option is not correct because it requires provisioning or management of the underlying infrastructure as well as additional configuration steps for shared storage. Using ECS with EC2 launch type means that you have to choose and manage your own EC2 instances for your containers. Using EBS volumes with Multi-Attach means that you have to enable Multi-Attach on each volume manually or using an API call, attach each volume to up to 16 Nitro-based instances in the same Availability Zone manually or using an API call, format each volume with a supported file system manually or using a user data script, and mount each volume on each instance manually or using a user data script. This adds complexity and overhead to your solution.

In summary, to meet the requirements of a secure and scalable containerized solution without provisioning or managing the underlying infrastructure, while using an NFS version 4 file share, deploying the application containers using Amazon ECS with the Fargate launch type and utilizing Amazon EFS for shared storage is the recommended solution.
