Which combination of actions will meet these requirements? (Choose three.)
Add the physical machines into AWS Systems Manager using Systems Manager Hybrid Activations.
Attach an IAM role to the EC2 instances, allowing them to be managed by AWS Systems Manager.
Create IAM access keys for the on-premises machines to interact with AWS Systems Manager.
Execute an AWS Systems Manager Automation document to patch the systems every hour.
Use Amazon CloudWatch Events scheduled events to schedule a patch window.
Use AWS Systems Manager Maintenance Windows to schedule a patch window.
Explanations:
Adding physical machines into AWS Systems Manager using Hybrid Activations allows for managing and patching on-premises servers alongside EC2 instances, facilitating standardization across both environments.
Attaching an IAM role to the EC2 instances is necessary for them to interact with AWS Systems Manager. This role provides the required permissions to manage and patch the instances using AWS Systems Manager.
Creating IAM access keys for on-premises machines is not a recommended practice. Instead, using IAM roles and AWS Systems Manager Hybrid Activations is the proper way to manage on-premises systems securely.
Executing an AWS Systems Manager Automation document to patch systems every hour does not adhere to the company’s policy of patching only during non-business hours, which may lead to compliance issues.
While Amazon CloudWatch Events can schedule tasks, it is not ideal for managing patching windows. AWS Systems Manager Maintenance Windows is specifically designed for scheduling patch operations.
Using AWS Systems Manager Maintenance Windows allows the DevOps Engineer to create a defined patch window that adheres to company policy, ensuring patching occurs during non-business hours for both EC2 and on-premises machines.