AWS Certified Solutions Architect – Professional — Question 688
A solutions architect is importing a VM from an on-premises environment by using the Amazon EC2 VM Import feature of AWS Import/Export. The solutions architect has created an AMI and has provisioned an Amazon EC2 instance that is based on that AMI. The EC2 instance runs inside a public subnet in a VPC and has a public IP address assigned.
The EC2 instance does not appear as a managed instance in the AWS Systems Manager console.
Which combination of steps should the solutions architect take to troubleshoot this issue? (Choose two.)
Answer options
- A. Verify that Systems Manager Agent is installed on the instance and is running.
- B. Verify that the instance is assigned an appropriate IAM role for Systems Manager.
- C. Verify the existence of a VPC endpoint on the VPC.
- D. Verify that the AWS Application Discovery Agent is configured.
- E. Verify the correct configuration of service-linked roles for Systems Manager.
Correct answer: A, B
Explanation
For an Amazon EC2 instance to be recognized as a managed instance in AWS Systems Manager, it must have the Systems Manager Agent (SSM Agent) installed and running, and it must have an IAM instance profile (role) with the correct permissions, such as the AmazonSSMManagedInstanceCore policy. Because the instance is in a public subnet with a public IP address, it can access the Systems Manager service endpoints directly over the internet, making VPC endpoints unnecessary for basic connectivity.