AWS Certified Solutions Architect – Associate (SAA-C03) — Question 953
A company uses AWS Systems Manager for routine management and patching of Amazon EC2 instances. The EC2 instances are in an IP address type target group behind an Application Load Balancer (ALB).
New security protocols require the company to remove EC2 instances from service during a patch. When the company attempts to follow the security protocol during the next patch, the company receives errors during the patching window.
Which combination of solutions will resolve the errors? (Choose two.)
Answer options
- A. Change the target type of the target group from IP address type to instance type.
- B. Continue to use the existing Systems Manager document without changes because it is already optimized to handle instances that are in an IP address type target group behind an ALB.
- C. Implement the AWSEC2-PatchLoadBalancerInstance Systems Manager Automation document to manage the patching process.
- D. Use Systems Manager Maintenance Windows to automatically remove the instances from service to patch the instances.
- E. Configure Systems Manager State Manager to remove the instances from service and manage the patching schedule. Use ALB health checks to re-route traffic.
Correct answer: C, D
Explanation
The AWSEC2-PatchLoadBalancerInstance Automation document (Option C) is designed to patch EC2 instances behind an Application Load Balancer safely: it gracefully deregisters instances from the target group, patches them, and then reregisters them. This process should be scheduled and executed during a Systems Manager Maintenance Window (Option D) so that the tasks run automatically without causing errors or service disruption. The other options, such as changing the target group type or relying on State Manager and health checks, do not provide the orchestration required for this specific workflow.