Which solution will meet these requirements?
Create a Systems Manager Run Command document that configures the desired instance configuration. Set up Systems Manager Compliance to invoke the Run Command document when the EC2 instances are not in compliance with the most recent patches.
Create a Systems Manager State Manager association that links to the Systems Manager command document. Create a tag query that runs immediately.
Create a Systems Manager Run Command task that specifies the desired instance configuration. Create a maintenance window in Systems Manager Maintenance Windows that runs daily. Register the Run Command task against the maintenance window. Designate the targets.
Create a Systems Manager Patch Manager patch baseline and a patch group that use the same tags that the Auto Scaling group applies. Register the patch group with the patch baseline. Define a Systems Manager command document to patch the instances Invoke the document by using Systems Manager Run Command.
Explanations:
While creating a Systems Manager Run Command document to configure instances is a valid approach, it does not specifically ensure ongoing compliance with the correct operating system configuration upon instance launch. Compliance checks typically require regular evaluation rather than a one-time command execution.
This option involves creating a Systems Manager State Manager association that can enforce the desired state on EC2 instances as they launch. It uses tags for query, ensuring that only instances with the correct tags receive the intended configuration immediately. This meets the requirement of having the correct operating system configuration upon launch.
Although creating a Systems Manager Run Command task and a maintenance window can be beneficial for managing configurations, it does not ensure immediate compliance of instances upon their launch. This approach focuses on scheduled tasks rather than real-time compliance during instance startup.
This option pertains to patch management rather than initial configuration management. It addresses patch compliance but does not ensure that the operating system configuration is correct at the time of instance launch. Therefore, it does not meet the requirement of having the correct operating system configuration for newly launched instances.
I have a feeling that the answer is:
Create a Systems Manager State Manager association that links to the Systems Manager command document. Create a tag query that runs immediately.