Question #542
A company operates a hybrid environment with on-premises servers and Amazon EC2 instances. They need a unified patch management strategy that ensures compliance across all systems and provides a consolidated view of patch status. Which solution should a solutions architect recommend to meet these requirements?
Use AWS Systems Manager Patch Manager to handle patching for both on-premises servers and EC2 instances. Generate compliance reports directly from Systems Manager.
Deploy AWS OpsWorks to manage patches across all servers and instances. Use AWS CloudTrail logs integrated with Amazon Athena to generate compliance reports.
Configure AWS Config to enforce patch compliance rules across on-premises servers and EC2 instances. Use AWS Lambda to aggregate patch status data into Amazon S3 for reporting.
Utilize AWS CloudFormation to automate patching workflows for all servers. Use Amazon CloudWatch dashboards to visualize patch compliance metrics.
Explanation
Answer A is correct because AWS Systems Manager (SSM) Patch Manager is explicitly designed to handle patch management across hybrid environments, including on-premises servers and EC2 instances. It ensures compliance by automating patch deployment and provides consolidated compliance reports directly within Systems Manager. Other options are incorrect because:
- Option B: AWS OpsWorks focuses on configuration management (Chef/Puppet), not patch management, and CloudTrail/Athena is not designed for patch compliance reporting.
- Option C: AWS Config tracks resource configuration changes but does not manage patches, and Lambda/S3 aggregation adds unnecessary complexity.
- Option D: CloudFormation automates infrastructure provisioning, not patching workflows, and CloudWatch lacks native patch compliance tracking.
Key Points: Use AWS Systems Manager for hybrid patch management and compliance reporting. Avoid services like OpsWorks, Config, or CloudFormation for this specific use case.
Answer
The correct answer is: A