Based on this situation, how should the administrator run the script?
Share and use the Amazon EC2 key pairs to gain access to the servers and run the script.
Put the script into the user data of the instances.
Configure the script to run as a cron job or scheduled task on the EC2 instances.
Use AWS Systems Manager to run the script.
Explanations:
Sharing and using EC2 key pairs for remote access violates the company’s policy of blocking all remote interactive access to production servers. This option would not be compliant with security policies and could expose the servers to unnecessary risks.
While user data is useful for running scripts at instance launch, it does not help with production instances that are already running. User data is only executed during instance startup, not on already running instances.
Configuring a script to run as a cron job or scheduled task on the instances requires initial access to set it up. Since remote interactive access is blocked, the administrator cannot configure cron jobs directly on production servers without violating the policy.
AWS Systems Manager allows administrators to run scripts on EC2 instances without the need for direct interactive access. It provides a secure way to execute commands on instances, which keeps the approach compliant with the company’s policy to block remote interactive access to production servers.