What should the SysOps administrator do to meet these requirements as quickly as possible?
Use Systems Manager Run Command. Choose either the AWS-RunShellScript document or the AWS-RunPowerShellScript document. Configure Run Command with the code from the security team. Specify the operating system tag in the Targets parameter. Run the command. Provide the command history as evidence to the security team.
Create an AWS Lambda function that connects to the EC2 instances through Session Manager. Configure the Lambda function to identify the operating system, run the code from the security team, and return the results to an Amazon RDS DB instance. Query the DB instance for the results. Provide the results as evidence to the security team.
Log on to each EC2 instance. Run the code from the security team on each EC2 instance. Copy and paste the results of each run into a single spreadsheet. Provide the spreadsheet as evidence to the security team.
Update the launch templates of the EC2 instances to include the code from the security team in the user data. Relaunch the EC2 instances by using the updated launch templates. Retrieve the EC2 instance logs of each instance. Provide the EC2 instance logs as evidence to the security team.
Explanations:
Using Systems Manager Run Command lets the administrator run the script on every targeted EC2 instance at once, selecting instances by their OS tag and choosing the document (AWS-RunShellScript or AWS-RunPowerShellScript) that matches that OS. The command history records each invocation, its status, and its output, so it can be used as evidence of successful execution across all instances.
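The following script is an added example, not part of the original question or its answer key, showing the AWS CLI calls behind this approach: pick the SSM document from the OS tag value, send the command to every instance carrying that tag, wait for the fleet to finish, and pull the per-instance status and output back as evidence. It assumes the instances carry a tag whose key is `OS` with the value `Linux` or `Windows` (that tag key name is a constructed example); the `ssm_document_for_os`, `build_send_command` and `run_fleet_check` function names are mine.

```shell
#!/bin/sh
# Added example (not from the original page): Systems Manager Run Command
# driven by an operating-system tag, with the command history used as
# evidence. Running it for real needs the AWS CLI and IAM permissions for
# ssm:SendCommand, ssm:ListCommands and ssm:ListCommandInvocations.
# Assumption: instances are tagged with key "OS" = Linux | Windows
# (constructed tag key; override with TAG_KEY=... if the fleet differs).
TAG_KEY="${TAG_KEY:-OS}"

# Map the OS tag value to the SSM document that can run the team's code.
ssm_document_for_os() {
    case "$1" in
        Linux)   echo "AWS-RunShellScript" ;;
        Windows) echo "AWS-RunPowerShellScript" ;;
        *) echo "unsupported OS tag value: $1" >&2; return 1 ;;
    esac
}

# Print the send-command invocation for review before anything runs.
# $1 = OS tag value, $2 = one-line command text from the security team.
build_send_command() {
    doc=$(ssm_document_for_os "$1") || return 1
    params='"commands=[\"'"$2"'\"]"'
    printf 'aws ssm send-command --document-name %s --targets "Key=tag:%s,Values=%s" --parameters %s --comment "security team check" --query Command.CommandId --output text\n' \
        "$doc" "$TAG_KEY" "$1" "$params"
}

# Send the command to every instance with the matching tag, wait until no
# instance is still Pending/InProgress, then list per-instance results.
run_fleet_check() {
    doc=$(ssm_document_for_os "$1") || return 1
    cmd_id=$(aws ssm send-command \
        --document-name "$doc" \
        --targets "Key=tag:$TAG_KEY,Values=$1" \
        --parameters "commands=[\"$2\"]" \
        --comment "security team check" \
        --query Command.CommandId --output text) || return 1
    echo "command id: $cmd_id (this id is the handle to the command history)"

    # Overall command status covers the whole fleet.
    while :; do
        status=$(aws ssm list-commands --command-id "$cmd_id" \
            --query 'Commands[0].Status' --output text)
        case "$status" in
            Pending|InProgress) sleep 5 ;;
            *) break ;;
        esac
    done
    echo "overall status: $status"

    # Per-instance evidence: instance id, status, and captured output.
    aws ssm list-command-invocations --command-id "$cmd_id" --details \
        --query 'CommandInvocations[].{Instance:InstanceId,Status:Status,Output:CommandPlugins[0].Output}' \
        --output table
}

# Usage: sh run_check.sh Linux 'uname -a'
# Only acts when two arguments are given, so sourcing the file has no side effects.
if [ $# -eq 2 ]; then
    build_send_command "$1" "$2"
    run_fleet_check "$1" "$2"
fi
```

Two practical caveats: tag-based targets only reach instances that are registered with Systems Manager (SSM Agent running and an instance profile that allows it), so an instance missing from the invocation list is itself a finding worth reporting; and the output stored in the command history is truncated for long scripts, so for anything more than a short check add `--output-s3-bucket-name` to keep the full output as evidence.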
While creating a Lambda function can automate the task, it adds unnecessary complexity and latency. It also requires additional steps to query the RDS instance for results, which is not as direct or efficient as using Run Command.
Logging into each EC2 instance individually is time-consuming and prone to human error. This method does not scale well for hundreds of instances and lacks automated reporting features that Run Command provides.
Updating launch templates and relaunching instances is inefficient, especially for existing instances. This approach also does not provide immediate evidence of code execution and would require time for relaunching, which is not suitable for urgent security patches.