What must the SysOps administrator do to resolve this issue?
Connect to each instance by using SSH. Install Systems Manager Agent on each instance. Configure Systems Manager Agent to start automatically when the instances start up.
Use AWS Certificate Manager (ACM) to create a TLS certificate. Import the certificate into each instance. Configure Systems Manager Agent to use the TLS certificate for secure communications.
Connect to each instance by using SSH. Create an ssm-user account. Add the ssm-user account to the /etc/sudoers.d directory.
Attach an IAM instance profile to the instances. Ensure that the instance profile contains the AmazonSSMManagedInstanceCore policy.
Explanations:
The Systems Manager Agent (SSM Agent) is already installed on Amazon Linux 2 AMIs by default. Manual installation is not required.
AWS Certificate Manager (ACM) is not needed to manage communication between EC2 instances and Systems Manager. The issue is related to permissions and instance setup, not certificates.
Creating an ssm-user account and modifying sudoers does not address the root cause. The instances are not appearing because they are not properly linked with Systems Manager due to missing IAM permissions.
The instances are missing an IAM instance profile. An instance profile that contains the AmazonSSMManagedInstanceCore policy is required for Systems Manager to manage EC2 instances, because it gives the instances the permissions they need to communicate with Systems Manager.