Explanation:
To manage on-premises servers using AWS Systems Manager without long-term credentials (like IAM users and access keys), you should use a managed-instance activation. The activation provides a temporary activation code and ID that the SSM Agent uses to securely authenticate and register the on-premises server with Systems Manager. Instance profiles (Option A) are used for EC2 instances, not on-premises servers.
Ultimate access to all questions.
A company is running workloads on premises and on AWS. A SysOps administrator needs to automate tasks across all servers on premises by using AWS services. The SysOps administrator must not install long-term credentials on the on-premises servers. What should the SysOps administrator do to meet these requirements?
A
Create an IAM role and instance profile that include AWS Systems Manager permissions. Attach the role to the on-premises servers.
B
Create a managed-instance activation in AWS Systems Manager. Install the Systems Manager Agent (SSM Agent) on the on-premises servers. Register the servers with the activation code and ID from the instance activation.
C
Create an AWS managed IAM policy that includes the appropriate AWS Systems Manager permissions. Download the IAM policy to the on-premises servers.
D
Create an IAM user and an access key. Log on to the on-premises servers and install the AWS CLI. Configure the access key in the AWS credentials file after the AWS CLI is successfully installed.
No comments yet.