
Answer-first summary for fast verification
Answer: Use AWS Systems Manager Run Command to run a custom command that applies the patch to all EC2 instances.
## Explanation

**Correct Answer: D - Use AWS Systems Manager Run Command to run a custom command that applies the patch to all EC2 instances.**

### Why this is the best solution:

1. **Third-party software patching**: AWS Systems Manager Patch Manager is designed for patching operating systems and AWS-provided software, but for third-party software you typically need custom patching procedures. Run Command allows you to execute custom scripts or commands across multiple instances.
2. **Speed requirement**: The question emphasizes "as quickly as possible." Run Command can execute commands across all 1,000 instances simultaneously, making it the fastest option.
3. **Scale**: Managing 1,000 EC2 instances requires an automated, scalable solution. Run Command is designed for this exact purpose.

### Analysis of other options:

**A. Create an AWS Lambda function to apply the patch to all EC2 instances.**
- While possible, this is more complex and requires additional development work
- Lambda functions have execution time limits that might be problematic for patching 1,000 instances
- Not the most efficient or AWS-recommended approach for this specific use case

**B. Configure AWS Systems Manager Patch Manager to apply the patch to all EC2 instances.**
- Patch Manager is excellent for OS and AWS software patches
- However, for third-party software, it may not have the necessary patch definitions
- The question specifies "third-party software," making this less suitable

**C. Schedule an AWS Systems Manager maintenance window to apply the patch to all EC2 instances.**
- Maintenance windows are for scheduling operations during specific timeframes
- While you could use maintenance windows with Run Command, the question asks for the quickest approach
- Scheduling implies waiting for a maintenance window, which contradicts "as quickly as possible"

### Key AWS Services Knowledge:

- **AWS Systems Manager Run Command**: Execute commands at scale on EC2 instances and on-premises servers
- **AWS Systems Manager Patch Manager**: Automate patching of operating systems and applications
- **AWS Systems Manager Maintenance Windows**: Schedule operations during specific timeframes
- **AWS Lambda**: Serverless compute service, not optimized for mass EC2 instance management

### Best Practice Recommendation:

For patching third-party software quickly across many instances, use Systems Manager Run Command with a custom script that applies the specific patch required for the third-party software vulnerability.
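The recommended approach above, as an added example that is not part of the original page: a script that fans a custom patch command out to the tagged fleet with Run Command, then reports which instances did not succeed. It assumes the instances carry a hypothetical tag `Workload=prod-app`, are registered with the SSM agent, and that the vendor's patch script lives at a hypothetical path `/opt/vendor/bin/apply-patch`.

```shell
#!/usr/bin/env bash
# Added example (not from the page). Assumptions: targets are tagged Workload=prod-app
# (hypothetical), run the SSM agent with an instance profile that allows SSM, and the
# vendor ships /opt/vendor/bin/apply-patch (hypothetical) that exits non-zero on failure.
set -euo pipefail

# JSON parameters for the AWS-RunShellScript document: the custom patch command plus a
# version check, so the recorded invocation output proves the patch actually landed.
build_patch_parameters() {
  local version="$1"
  printf '{"commands":["set -e","sudo /opt/vendor/bin/apply-patch --version %s","/opt/vendor/bin/vendor --version"],"executionTimeout":["900"]}' "$version"
}

# Dispatch to every instance with the tag. --max-concurrency 100% reaches all instances
# at once (the "as quickly as possible" requirement); --max-errors halts further dispatch
# if the patch itself turns out to be broken, limiting the blast radius.
send_patch_command() {
  local tag_value="$1" version="$2"
  aws ssm send-command \
    --document-name AWS-RunShellScript \
    --targets "Key=tag:Workload,Values=${tag_value}" \
    --parameters "$(build_patch_parameters "$version")" \
    --max-concurrency 100% --max-errors 5% \
    --comment "emergency third-party patch ${version}" \
    --query Command.CommandId --output text
}

# Reads "InstanceId<TAB>Status" lines (the shape list-command-invocations prints with
# --output text), echoes every instance that did not succeed, returns 1 if any did not.
report_failures() {
  local failed=0 id status
  while IFS="$(printf '\t')" read -r id status; do
    [ -z "$id" ] && continue
    if [ "$status" != "Success" ]; then
      echo "$id $status"
      failed=1
    fi
  done
  return "$failed"
}

main() {
  local cmd_id
  cmd_id=$(send_patch_command "$1" "$2")
  echo "command id: $cmd_id"
  # Poll until no invocation is still waiting on or running on an instance.
  until [ -z "$(aws ssm list-command-invocations --command-id "$cmd_id" \
      --query "CommandInvocations[?Status=='Pending' || Status=='InProgress' || Status=='Delayed'].InstanceId" \
      --output text)" ]; do sleep 15; done
  aws ssm list-command-invocations --command-id "$cmd_id" \
    --query 'CommandInvocations[].[InstanceId,Status]' --output text | report_failures
}

if [ "$#" -ge 2 ]; then main "$@"; fi   # usage: ./patch.sh prod-app 2.4.1
```

Instances that are not registered with SSM never receive the command, so compare the invocation list against `aws ssm describe-instance-information` to find hosts that are still unpatched.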
Author: LeetQuiz Editorial Team
A company has a production workload that runs on 1,000 Amazon EC2 Linux instances. The workload is powered by third-party software. The company needs to patch the third-party software on all EC2 instances as quickly as possible to remediate a critical security vulnerability.
What should a solutions architect do to meet these requirements?
A. Create an AWS Lambda function to apply the patch to all EC2 instances.
B. Configure AWS Systems Manager Patch Manager to apply the patch to all EC2 instances.
C. Schedule an AWS Systems Manager maintenance window to apply the patch to all EC2 instances.
D. Use AWS Systems Manager Run Command to run a custom command that applies the patch to all EC2 instances.