AWS Certified Solutions Architect - Professional / Question #638 of 529

Question #638

A large company operates a web application hosted on Amazon EC2 Linux instances in an Auto Scaling group within a private subnet. The instances are fronted by an Application Load Balancer (ALB), and AWS Systems Manager Session Manager is configured with the SSM Agent running on all instances. After a recent update to the security group rules, some instances are failing health checks and being terminated by the Auto Scaling group. The Amazon CloudWatch logs provide insufficient details to diagnose the issue. How should the solutions architect access an EC2 instance to investigate the problem?

D

Suspend the Auto Scaling group's Terminate process. Use Session Manager to connect to an unhealthy instance.

A

Suspend the Auto Scaling group's HealthCheck scaling process. Use Session Manager to connect to an unhealthy instance.

B

Enable termination protection on the instance. Use Session Manager to connect to an unhealthy instance.

C

Set the Auto Scaling group's termination policy to NewestInstance. Use Session Manager to connect to an unhealthy instance.

Explanation

Answer D is correct because suspending the Auto Scaling group's Terminate process stops instances from being automatically terminated due to failed health checks. This provides time to use Session Manager (configured with SSM Agent) to connect to the unhealthy instance in the private subnet and diagnose the problem.

Other options are incorrect because:
- A: Suspending HealthCheck only stops new health checks but does not prevent termination of already unhealthy instances.
- B: Termination protection on EC2 instances does not block Auto Scaling-initiated terminations.
- C: Changing the termination policy to NewestInstance affects which instance is terminated during scale-in but does not prevent termination of unhealthy instances.

Key points:
1. Auto Scaling processes (e.g., HealthCheck, Terminate) can be suspended to control instance lifecycle actions.
2. Session Manager allows secure access to instances in private subnets without public IPs or SSH bastion hosts.
3. Termination protection and scaling policies do not override Auto Scaling's health-based termination logic.

Answer

The correct answer is: D