AWS Certified DevOps Engineer – Professional (DOP-C02) — Question 319
A company's DevOps engineer must install a software package on 30 on-premises VMs and 15 Amazon EC2 instances.
The DevOps engineer needs to ensure that all VMs receive the package in a process that is auditable and that any configuration drift on the VMs is automatically identified and alerted on. The company uses AWS Direct Connect to connect its on-premises data center to AWS.
Which solution will meet these requirements with the MOST operational efficiency?
Answer options
- A. Write a script that iterates through the list of VMs once a week. Configure the script to check for the package and install the package if the package is not found. Configure the script to send an email message notification to the system administrator if the package is not found.
- B. Install the AWS Systems Manager Agent (SSM Agent) on all VMs. Use the SSM Agent to install the package. Use AWS Config to monitor for configuration drift. Use Amazon Simple Notification Service (Amazon SNS) to notify the system administrator if any drift is found.
- C. Write a script that checks if the package is installed across the environment. Configure the script to create a list of all VMs that are noncompliant. Configure the script to send the list to the system administrator, who will install the package on the noncompliant VMs.
- D. Log in to each VM. Use a local package manager to install the package. Use AWS Config to monitor the AWS resources for configuration changes. Write a script to monitor the on-premises resources.
Correct answer: B
Explanation
Option B is the most operationally efficient solution because installing the SSM Agent on both EC2 and hybrid on-premises VMs allows AWS Systems Manager to centrally manage and audit the software installation. AWS Config integrates seamlessly with systems manager managed instances to record configuration changes and detect drift, while Amazon SNS automates the alerting process. The other options rely on manual processes or custom scripts, which increase operational overhead and fail to provide robust, out-of-the-box auditing.