A company uses AWS CodeBuild to run security scans on code. The scan requires access to a private Amazon ECR repository for downloading scanning tools. The CodeBuild project is configured with a VPC and uses an IAM role. However, the build fails with 'Error: unable to pull image from registry.' Which TWO steps should be taken to resolve this?
These permissions are required to pull images from ECR.
Why this answer
Options A and C are correct. The error suggests the build environment cannot authenticate or reach ECR. Adding ECR permissions to the IAM role allows pulling images.
Configuring VPC endpoints allows the build to reach ECR privately without NAT. Option B is unnecessary if the build already has a VPC. Option D is for public access, but the repository is private.
Option E is about KMS, not related.