
Answer-first summary for fast verification
Answer: Configure the ec2-instance-profile-attached AWS Config managed rule with a trigger type of configuration changes. Configure an automatic remediation action that invokes an AWS Systems Manager Automation runbook to attach the default instance profile to the EC2 instances.
The correct answer is B. Configuring the ec2-instance-profile-attached AWS Config managed rule with a trigger type of configuration changes ensures that any changes in the configuration, such as launching or starting EC2 instances without an instance profile, are detected. An automatic remediation action can then be configured using an AWS Systems Manager Automation runbook to attach the default instance profile to non-compliant instances. This solution ensures that both existing and new instances will conform to the company's security policy.
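The setup described in option B, sketched as a CloudFormation template. This is an added example, not part of the original question or AWS's own sample. Assumptions: the AWS Config recorder is already recording EC2 instances, `AutomationRoleArn` points to an existing role that Systems Manager Automation can assume, the resource and role names are hypothetical, and `AWS-AttachIAMToInstance` is used as the runbook (the question does not name one).

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Parameters:
  AutomationRoleArn:            # assumed: existing role that SSM Automation assumes
    Type: String
Resources:
  DefaultRole:                  # no policies attached, so the profile grants no IAM permissions
    Type: AWS::IAM::Role
    Properties:
      RoleName: default-no-permissions        # hypothetical name
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Principal: { Service: ec2.amazonaws.com }
            Action: sts:AssumeRole
  DefaultProfile:               # the runbook looks up the profile that contains the role
    Type: AWS::IAM::InstanceProfile
    Properties:
      InstanceProfileName: default-no-permissions
      Roles:
        - !Ref DefaultRole
  ProfileRule:                  # managed rule; evaluated on EC2 instance configuration changes
    Type: AWS::Config::ConfigRule
    Properties:
      ConfigRuleName: ec2-instance-profile-attached
      Scope:
        ComplianceResourceTypes:
          - "AWS::EC2::Instance"
      Source:
        Owner: AWS
        SourceIdentifier: EC2_INSTANCE_PROFILE_ATTACHED
  ProfileRemediation:           # runs automatically for each noncompliant instance
    Type: AWS::Config::RemediationConfiguration
    Properties:
      ConfigRuleName: !Ref ProfileRule
      TargetType: SSM_DOCUMENT
      TargetId: AWS-AttachIAMToInstance
      Automatic: true
      MaximumAutomaticAttempts: 3
      RetryAttemptSeconds: 60
      Parameters:
        AutomationAssumeRole:
          StaticValue: { Values: [!Ref AutomationRoleArn] }
        InstanceId:             # filled in by AWS Config with the noncompliant instance ID
          ResourceValue: { Value: RESOURCE_ID }
        RoleName:
          StaticValue: { Values: [!Ref DefaultRole] }
```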
Author: LeetQuiz Editorial Team
In a single AWS account, a company operates numerous Amazon EC2 instances within one AWS Region. These instances are frequently launched and terminated, with some having been active for over a week. The company's security policy mandates that all EC2 instances utilize an EC2 instance profile. If an instance lacks an instance profile, it must default to one without any IAM permissions. A DevOps engineer has identified instances running without an instance profile and noticed that new instances are also being launched without one. What solution ensures that all existing and future EC2 instances in the Region have an instance profile attached?
A
Configure an Amazon EventBridge rule that reacts to EC2 RunInstances API calls. Configure the rule to invoke an AWS Lambda function to attach the default instance profile to the EC2 instances.
B
Configure the ec2-instance-profile-attached AWS Config managed rule with a trigger type of configuration changes. Configure an automatic remediation action that invokes an AWS Systems Manager Automation runbook to attach the default instance profile to the EC2 instances.
C
Configure an Amazon EventBridge rule that reacts to EC2 StartInstances API calls. Configure the rule to invoke an AWS Systems Manager Automation runbook to attach the default instance profile to the EC2 instances.
D
Configure the iam-role-managed-policy-check AWS Config managed rule with a trigger type of configuration changes. Configure an automatic remediation action that invokes an AWS Lambda function to attach the default instance profile to the EC2 instances.