Which additional action must the SysOps administrator perform to meet this requirement?
Add an inbound rule to the instances’ security group.
Attach an IAM instance profile with access to Systems Manager to the instances.
Create a Systems Manager activation. Then activate the fleet of instances.
Manually specify the instances to patch instead of using tag-based selection.
Explanations:
Adding an inbound rule to the security group is unnecessary. AWS Systems Manager uses the Systems Manager Agent (SSM Agent) on EC2 instances, which does not require opening inbound ports. It only needs outbound access to the Systems Manager endpoints.
The EC2 instances need an IAM instance profile with permissions to interact with Systems Manager. The profile is what allows Systems Manager to communicate with the EC2 instances for patching.
A Systems Manager activation is used for hybrid environments with on-premises servers, not for EC2 instances. EC2 instances are managed through IAM roles and the Systems Manager Agent.
Tag-based selection is a valid way to identify instances to patch. There is no need to specify instances manually, because Systems Manager can select patch targets by tag.