AWS Certified Cloud Practitioner / Question #1331 of 719

Question #1331

A company needs to manage and enforce configuration policies across its EC2 instances, as well as automate remediation actions for non-compliant resources. Which AWS service should the company use?

A. AWS Systems Manager

B. Amazon CloudWatch

C. Amazon Inspector

D. AWS Security Hub

Explanation

AWS Systems Manager (SSM) is designed to manage and enforce configuration policies across EC2 instances using features like State Manager, which ensures instances remain in a defined state. It also offers Automation to remediate non-compliant resources through predefined or custom workflows.

Other options are incorrect because:
- B. Amazon CloudWatch: Focuses on monitoring and alerting, not configuration enforcement or remediation.
- C. Amazon Inspector: Performs security assessments but does not enforce configurations or automate fixes.
- D. AWS Security Hub: Aggregates security findings but lacks native configuration management and remediation capabilities.

Key Points:
- Use SSM for configuration management and automated remediation.
- State Manager ensures compliance; Automation handles fixes.
- Other services focus on monitoring (CloudWatch), vulnerability scanning (Inspector), or security aggregation (Security Hub).

Answer

The correct answer is: A