Question #1331
A company needs to manage and enforce configuration policies across their EC2 instances, as well as automate remediation actions for non-compliant resources. Which AWS service should the company use?
A. AWS Systems Manager
B. Amazon CloudWatch
C. Amazon Inspector
D. AWS Security Hub
Explanation
AWS Systems Manager (SSM) is designed to manage and enforce configuration policies across EC2 instances using features like State Manager, which ensures instances remain in a defined state. It also offers Automation to remediate non-compliant resources through predefined or custom workflows.
Other options are incorrect because:
- B. Amazon CloudWatch: Focuses on monitoring and alerting, not configuration enforcement or remediation.
- C. Amazon Inspector: Performs security assessments but does not enforce configurations or automate fixes.
- D. AWS Security Hub: Aggregates security findings but lacks native configuration management and remediation capabilities.
Key Points:
- Use SSM for configuration management and automated remediation.
- State Manager ensures compliance; Automation handles fixes.
- Other services focus on monitoring (CloudWatch), vulnerability scanning (Inspector), or security aggregation (Security Hub).
Answer
The correct answer is: A