Topic 1 Question 301
A company uses AWS Systems Manager to manage a fleet of Amazon Linux EC2 instances that have SSM Agent installed. All EC2 instances are configured to use Instance Metadata Service Version 2 (IMDSv2) and are running in the same AWS account and AWS Region. Company policy requires developers to use only Amazon Linux.
The company wants to ensure that all new EC2 instances are automatically managed by Systems Manager after creation.
Which solution will meet these requirements with the MOST operational efficiency?
A. Create an IAM role that has a trust policy that allows Systems Manager to assume the role. Attach the AmazonSSMManagedEC2InstanceDefaultPolicy policy to the role. Configure the default-ec2-instance-management-role SSM service setting to use the role.
B. Ensure that AWS Config is set up. Create an AWS Config rule that validates if an EC2 instance has SSM Agent installed. Configure the rule to run on EC2 configuration changes. Configure automatic remediation for the rule to run the AWS-InstallSSMAgent SSM document to install SSM Agent.
C. Configure Systems Manager Patch Manager. Create a patch baseline that automatically installs SSM Agent on all new EC2 instances. Create a patch group for all EC2 instances. Attach the patch baseline to the patch group. Create a maintenance window and maintenance window task to start installing SSM Agent daily.
D. Create an EC2 instance role that has a trust policy that allows Amazon EC2 to assume the role. Attach the AmazonSSMManagedInstanceCore policy to the role. Ensure that AWS Config is set up. Use the ec2-instance-profile-attached managed AWS Config rule to validate if an EC2 instance has the role attached. Configure the rule to run on EC2 configuration changes. Configure automatic remediation for the rule to run the AWS-SetupManagedRoleOnEc2Instance SSM document to attach the role to the EC2 instance.
Comments (2)
- Selected answer: A
Amazon Linux has the agent already installed. So A performs the rest of the steps to manage the instances using SSM.
👍 3 ArunRav 2024/11/28
- Selected answer: A
- Automatic Role Association:
• AWS Systems Manager supports a default instance management role that is automatically attached to new EC2 instances upon creation.
• By configuring the default-ec2-instance-management-role SSM service setting, any new EC2 instance will automatically be associated with the specified IAM role.
- IAM Role and Policy:
• The AmazonSSMManagedEC2InstanceDefaultPolicy provides the necessary permissions for SSM Agent to manage instances, including access to Systems Manager services, Amazon S3, and AWS Config logs.
- Operational Efficiency:
• This solution ensures new EC2 instances are automatically registered with Systems Manager without requiring additional manual steps or configuration changes.
• It eliminates the need for AWS Config rules, patch baselines, or remediation documents, simplifying the management process.
👍 2 Ky_24 2024/12/15
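The configuration that the first option describes, written as AWS CLI steps. This is an added example, not part of the original question or comments; the role name and Region passed in are assumptions, and `DRY_RUN=1` prints the commands instead of running them.

```shell
#!/bin/sh
# Added example: role + service setting from the first option.
# Role name and Region are caller-supplied assumptions.

POLICY_ARN="arn:aws:iam::aws:policy/AmazonSSMManagedEC2InstanceDefaultPolicy"
SETTING_ID="/ssm/managed-instance/default-ec2-instance-management-role"

# Trust policy: Systems Manager assumes the role. An EC2 instance role
# (as in the last option) would trust ec2.amazonaws.com instead.
trust_policy() {
  cat <<'EOF'
{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Principal": {"Service": "ssm.amazonaws.com"},
    "Action": "sts:AssumeRole"
  }]
}
EOF
}

# Run a command, or only print it when DRY_RUN=1.
run() {
  if [ "${DRY_RUN:-0}" = "1" ]; then
    printf '%s\n' "$*"
  else
    "$@"
  fi
}

enable_default_management() {
  role="$1"; region="$2"
  run aws iam create-role --role-name "$role" \
      --assume-role-policy-document "$(trust_policy)" || return 1
  run aws iam attach-role-policy --role-name "$role" \
      --policy-arn "$POLICY_ARN" || return 1
  # The service setting applies to one account and one Region.
  run aws ssm update-service-setting --region "$region" \
      --setting-id "$SETTING_ID" --setting-value "$role" || return 1
}

# Read the setting back to confirm which role is configured.
show_setting() {
  run aws ssm get-service-setting --region "$1" --setting-id "$SETTING_ID"
}

# Usage: sh enable-dhmc.sh apply <role-name> <region>
if [ "${1:-}" = "apply" ]; then
  enable_default_management "$2" "$3" && show_setting "$3"
fi
```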