
Answer-first summary for fast verification
Answer: Attach the AmazonSSMManagedInstanceCore AWS managed policy to the EC2 instance profile that is associated with the instances.
For Systems Manager to manage an Amazon EC2 instance, the instance needs three things: the SSM Agent installed, outbound network access to the Systems Manager service (through the internet or VPC endpoints), and the necessary IAM permissions. In this scenario the agent is installed and the NAT gateway provides outbound connectivity, so the missing piece is the IAM permissions. The `AmazonSSMManagedInstanceCore` managed policy provides the permissions the SSM Agent needs to communicate with Systems Manager.
Author: Ritesh Yadav
Question #28
A company wants to use AWS Systems Manager to manage a large fleet of Amazon EC2 instances. The company hosts the instances in private subnets. The company follows the principle of least privilege to assign access permissions. All private subnets have internet connectivity through a NAT gateway.
A CloudOps engineer installs the latest version of the Systems Manager Agent (SSM Agent). However, the EC2 instances do not appear in Systems Manager Fleet Manager. The CloudOps engineer must resolve this issue.
Which solution will meet this requirement?
A. Replace the NAT gateway with a NAT instance that is deployed in the public subnet. Update the private subnet's route table to use the NAT instance.
B. Create a VPC endpoint for Systems Manager. Remove routes to the internet through the NAT gateway from the private subnet's route table.
C. Attach the AmazonSSMManagedInstanceCore AWS managed policy to the EC2 instance profile that is associated with the instances.
D. Attach a custom policy that allows all actions to ssh:* to the EC2 instance profile that is associated with the instances.