Q47 — AWS DOP-C02 Ch.1

A company uses AWS Systems Manager to manage Amazon Linux EC2 instances with the SSM Agent installed. All EC2 instances are configured to use Instance Metadata Service Version 2 (IMDSv2) and run in the same AWS account and Region. The company’s policy requires developers to use only Amazon Linux. The company wants to ensure that new EC2 instances are automatically managed by Systems Manager immediately after creation.

Correct Answer: A. Create an IAM role with a trust policy allowing Systems Manager to assume the role. Attach the latest AmazonSSMManagedInstanceCore managed policy to the role. Configure the SSM service setting 'Default EC2 instance management role' to use this role.

Explanation

The scenario involves configuring AWS Systems Manager (SSM) so new EC2 instances are automatically managed upon launch. Answer A focuses on IAM role configuration—the core prerequisite. The IAM role’s trust policy must allow the EC2 service to assume it, and the AmazonSSMManagedInstanceCore policy must be attached to grant SSM required permissions. Setting the Systems Manager default EC2 instance management role ensures the role is applied automatically at instance launch. Other options rely on remediation or non-immediate configurations and do not guarantee management at launch time. AWS documentation emphasizes that EC2 instances require the correct IAM role to interact with SSM; role configuration is foundational. Options B, C, and D involve AWS Config rules, Patch Manager, or automated remediation steps, none of which directly address role assignment at instance launch.