
In a single AWS account, a company operates numerous Amazon EC2 instances within one AWS Region. These instances are frequently launched and terminated, with some having been active for over a week. The company's security policy mandates that all EC2 instances utilize an EC2 instance profile. If an instance lacks an instance profile, it must default to one without any IAM permissions. A DevOps engineer has identified instances running without an instance profile and noticed that new instances are also being launched without one. What solution ensures that all existing and future EC2 instances in the Region have an instance profile attached?
A
Configure an Amazon EventBridge rule that reacts to EC2 RunInstances API calls. Configure the rule to invoke an AWS Lambda function to attach the default instance profile to the EC2 instances.
B
Configure the ec2-instance-profile-attached AWS Config managed rule with a trigger type of configuration changes. Configure an automatic remediation action that invokes an AWS Systems Manager Automation runbook to attach the default instance profile to the EC2 instances.
C
Configure an Amazon EventBridge rule that reacts to EC2 StartInstances API calls. Configure the rule to invoke an AWS Systems Manager Automation runbook to attach the default instance profile to the EC2 instances.
D
Configure the iam-role-managed-policy-check AWS Config managed rule with a trigger type of configuration changes. Configure an automatic remediation action that invokes an AWS Lambda function to attach the default instance profile to the EC2 instances.