Which solution will meet these requirements with the LEAST operational effort?
Use AWS Shield to identify and manage security events.
Connect to each server by using a remote desktop connection. Run an update script.
Use the AWS Systems Manager Patch Manager capability.
Schedule Amazon GuardDuty to run on a nightly basis.
Explanations:
AWS Shield is a service designed to protect applications from DDoS attacks. It does not automate security updates for operating systems or applications and is not relevant to the requirement of managing updates.
Manually connecting to each server and running an update script is labor-intensive and does not scale well, especially in an environment with multiple EC2 instances, Lightsail instances, and on-premises servers. This method introduces significant operational effort.
AWS Systems Manager Patch Manager automates the process of patching operating systems and applications across various environments (including EC2 instances and on-premises servers) with minimal operational effort. It can manage patches based on defined schedules and compliance levels, making it the most efficient solution for the requirement.
Amazon GuardDuty is a threat detection service that continuously monitors for malicious activity and unauthorized behavior. While important for security, it does not automate the process of applying security updates to systems and applications.