Question 13

Domain 2: Configuration Management and Infrastructure as Code

An Amazon EC2 Auto Scaling group manages EC2 instances that were created from an AMI. The AMI has the AWS Systems Manager Agent installed. When an EC2 instance is launched into the Auto Scaling group, tags are applied to the EC2 instance. EC2 instances that are launched by the Auto Scaling group must have the correct operating system configuration. Which solution will meet these requirements?

A. Create a Systems Manager Run Command document that configures the desired instance configuration. Set up Systems Manager Compliance to invoke the Run Command document when the EC2 instances are not in compliance with the most recent patches. B. Create a Systems Manager State Manager association that links to the Systems Manager command document. Create a tag query that runs immediately. C. Create a Systems Manager Run Command task that specifies the desired instance configuration. Create a maintenance window in Systems Manager Maintenance Windows that runs daily. Register the Run Command task against the maintenance window. Designate the targets. D. Create a Systems Manager Patch Manager patch baseline and a patch group that use the same tags that the Auto Scaling group applies. Register the patch group with the patch baseline. Define a Systems Manager command document to patch the instances Invoke the document by using Systems Manager Run Command.

Correct answer: B

Explanation

Systems Manager State Manager is used to maintain instance configuration over time, and an association can target instances by tag. The AWS Systems Manager Agent on the AMI lets the instance receive the association, and a command document can apply the required operating system settings immediately when the tag query runs.

Why each option is right or wrong

Compliance reporting tracks drift or patch status; it is not the primary service for continuous OS configuration enforcement.

B. Create a Systems Manager State Manager association that links to the Systems Manager command document. Create a tag query that runs immediately.

AWS Systems Manager State Manager is the feature that enforces and maintains a desired configuration on managed instances, and an association can target EC2 instances by tag rather than by instance ID. Because the AMI already includes the SSM Agent, the newly launched Auto Scaling instances can register with Systems Manager and immediately receive the association; running the tag query immediately ensures the instances are picked up as soon as the Auto Scaling tags are applied. A Systems Manager command document is the correct mechanism here because it can execute the required OS configuration steps on each matching instance as soon as the association targets them.

C. Create a Systems Manager Run Command task that specifies the desired instance configuration. Create a maintenance window in Systems Manager Maintenance Windows that runs daily. Register the Run Command task against the maintenance window. Designate the targets.

Maintenance Windows run on schedules, so new instances might wait until the next window instead of configuring immediately.

D. Create a Systems Manager Patch Manager patch baseline and a patch group that use the same tags that the Auto Scaling group applies. Register the patch group with the patch baseline. Define a Systems Manager command document to patch the instances Invoke the document by using Systems Manager Run Command.

Patch Manager focuses on patching baselines, not broader operating system configuration settings.

Previous Next