How can the deployments of the operating system and application patches be automated using a default and custom repository?

By:
On:
In: DOP-C01
Tagged:
With: 0 Comments
A company that uses electronic health records is running a fleet of Amazon EC2 instances with an Amazon Linux operating system.As part of patient privacy requirements, the company must ensure continuous compliance for patches for operating system and applications running on the EC2 instances.

How can the deployments of the operating system and application patches be automated using a default and custom repository?

Use AWS Systems Manager to create a new patch baseline including the custom repository. Run the AWS-RunPatchBaseline document using the run command to verify and install patches.

Use AWS Direct Connect to integrate the corporate repository and deploy the patches using Amazon CloudWatch scheduled events, then use the CloudWatch dashboard to create reports.

Use yum-config-manager to add the custom repository under /etc/yum.repos.d and run yum-config-manager-enable to activate the repository.

Use AWS Systems Manager to create a new patch baseline including the corporate repository. Run the AWS-AmazonLinuxDefaultPatchBaseline document using the run command to verify and install patches.

Explanations:

This option correctly uses AWS Systems Manager to create a patch baseline that includes a custom repository, allowing for automated verification and installation of patches using the AWS-RunPatchBaseline document. This approach ensures compliance with patching requirements for both the operating system and applications.

AWS Direct Connect is used for establishing a dedicated network connection, not for patch management. While integrating a corporate repository is mentioned, it does not address the automation of patch deployment effectively, and CloudWatch is not suitable for this purpose.

While yum-config-manager can indeed be used to add and enable custom repositories, this option lacks automation and doesn’t integrate with AWS Systems Manager, which is necessary for continuous compliance and patch management. It requires manual execution, which doesn’t fulfill the requirement for automated deployments.

Although AWS Systems Manager can create patch baselines, this option incorrectly specifies the use of the corporate repository rather than the custom repository, which is necessary for compliance with the specific requirements. The mention of the default patch baseline does not align with the need for a custom solution.

Leave a Reply

Your email address will not be published. Required fields are marked *

sixteen − thirteen =