ExamTopics Logo
Mail Us[email protected]
Menu
Amazon Discussions
exam questions

Exam AWS Certified Solutions Architect - Associate SAA-C03 All Questions

View all questions & answers for the AWS Certified Solutions Architect - Associate SAA-C03 exam
Go to Exam

Exam AWS Certified Solutions Architect - Associate SAA-C03 topic 1 question 723 discussion

Exam question from Amazon's AWS Certified Solutions Architect - Associate SAA-C03
Question #: 723
Topic #: 1
[All AWS Certified Solutions Architect - Associate SAA-C03 Questions]

A company has applications that run on Amazon EC2 instances. The EC2 instances connect to Amazon RDS databases by using an IAM role that has associated policies. The company wants to use AWS Systems Manager to patch the EC2 instances without disrupting the running applications.

Which solution will meet these requirements?

  • A. Create a new IAM role. Attach the AmazonSSMManagedInstanceCore policy to the new IAM role. Attach the new IAM role to the EC2 instances and the existing IAM role.
  • B. Create an IAM user. Attach the AmazonSSMManagedInstanceCore policy to the IAM user. Configure Systems Manager to use the IAM user to manage the EC2 instances.
  • C. Enable Default Host Configuration Management in Systems Manager to manage the EC2 instances.
  • D. Remove the existing policies from the existing IAM role. Add the AmazonSSMManagedInstanceCore policy to the existing IAM role.
Show Suggested Answer Hide Answer
Suggested Answer: C 🗳️
by Andy_09 at Feb. 5, 2024, 7:28 p.m.
Disclaimers:
  • - ExamTopics website is not related to, affiliated with, endorsed or authorized by Amazon.
  • - Trademarks, certification & product names are used for reference only and belong to Amazon.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
jaswantn
Highly Voted 1 year, 1 month ago
option C....Default Host Management Configuration creates and applies a default IAM role to ensure that Systems Manager has permissions to manage all instances in the Region and perform automated patch scans using Patch Manager.
upvoted 12 times
...
Pics00094
Highly Voted 1 year, 1 month ago
Selected Answer: C
C is the answer
upvoted 6 times
...
FlyingHawk
Most Recent 2 months, 4 weeks ago
Selected Answer: C
https://docs.aws.amazon.com/systems-manager/latest/userguide/setup-instance-permissions.html, DHMC eliminates the need to manually create and attach a new IAM role for Systems Manager, reducing operational overhead.
upvoted 1 times
...
LeonSauveterre
3 months, 1 week ago
Selected Answer: C
Well.. Actually I don't know what to choose. A or C ?? A - EC2 instances can have only one IAM role attached at a time. Whether attaching multiple roles is possible or not depends on whether AWS allows such configuration in your environment. B - Systems Manager manages EC2 instances through the instance's attached IAM role, not an IAM user. C - It doesn't address the core requirement of maintaining the existing RDS connectivity. It still requires the EC2 instances to have the necessary IAM permissions to be managed by SSM. The IAM role associated with the EC2 instance must still have the AmazonSSMManagedInstanceCore policy attached to enable Systems Manager capabilities. D - Removing the existing policies would break the application's ability to connect to the RDS database. This directly contradicts the requirement of not disrupting running applications.
upvoted 1 times
FlyingHawk
2 months, 4 weeks ago
A is the way before having C, details see this blog: https://aws.amazon.com/blogs/mt/enable-management-of-your-amazon-ec2-instances-in-aws-systems-manager-using-default-host-management-configuration/
upvoted 1 times
...
...
rosanna
3 months, 1 week ago
Selected Answer: A
I'd vote for A because the request here is not to disrupt the existing workload, meaning the existing IAM role must be intact with the addition to the new permission set that gives SSM patch manager patching capabilities.
upvoted 1 times
...
MatAlves
6 months, 2 weeks ago
Selected Answer: C
"The Default Host Management Configuration setting allows AWS Systems Manager to manage your Amazon EC2 instances automatically as managed instances. Default Host Management Configuration makes it possible to manage EC2 instances without your having to manually create an AWS Identity and Access Management (IAM) instance profile. Instead, Default Host Management Configuration creates and applies a default IAM role to ensure that Systems Manager has permissions to manage all instances in the AWS account and AWS Region where it's activated."
upvoted 3 times
MatAlves
6 months, 2 weeks ago
https://docs.aws.amazon.com/systems-manager/latest/userguide/fleet-manager-default-host-management-configuration.html
upvoted 2 times
...
...
88f8032
11 months ago
Selected Answer: A
i think A
upvoted 2 times
...
NayeraB
1 year, 1 month ago
So is C same as A, but automated?
upvoted 2 times
LeonSauveterre
3 months, 1 week ago
No, A is impossible because EC2 instances can have only one IAM role attached at a time.
upvoted 1 times
...
...
osmk
1 year, 1 month ago
C is fine
upvoted 2 times
...
Andy_09
1 year, 1 month ago
C is a better option
upvoted 3 times
...
Andy_09
1 year, 1 month ago
Correct answer A
upvoted 3 times
arunkpskpm
1 year, 1 month ago
"Attach the new IAM role to the EC2 instances and the existing IAM role" - You can't attach multiple policies to an EC2 instance. So A is wrong.
upvoted 6 times
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago