AWS Systems Manager Services

AWS Systems Manager - Run Command


Question

You are maintaining over a dozen EC2 Ubuntu instances.

The application installed in the instances had an issue last week, and the development team already knew the root cause.

To prevent the issue from happening again, some debug logs have been added to the application.

Your manager asked you to use AWS Systems Manager to send the logs to an S3 bucket every 2:00 AM for all the EC2 instances.

Which AWS Systems Manager service should you use to meet this requirement? Choose 2 Options.

Answers

Explanations

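A. Use the Session Manager to send the required logs to the S3 bucket every 2:00 AM.

B. Use Systems Manager Distributor to transfer the logs every 2:00 AM on all the AWS Systems Manager managed instances.

C. Use State Manager to run a shell script every 2:00 AM for all the EC2 instances.

D. Create a schedule in AWS Systems Manager Maintenance Windows to move the logs to the S3 bucket every 2:00 AM.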

Correct Answer - C and D.

For this case, the State Manager should be used.

An association using the “AWS-RunPowerShellScript” document can be created, with all the EC2 instances as its targets.

AWS Systems Manager State Manager is a service that automates the process of keeping the Amazon EC2 or hybrid infrastructure in the state that you desire.

Option A is incorrect because Session Manager is a service that provides secure and auditable instance management; it is not a tool for executing a script or command.

Option B is incorrect because Distributor packages software to install on AWS Systems Manager managed instances.

It is not designed to run a script or command on a schedule.

Option C is CORRECT because in State Manager the user can design an association that contains a proper document to accomplish this task.

Option D is CORRECT: configure the IAM instance permissions needed to run maintenance window tasks on your instances, and configure user permissions for the users in your account who assign tasks to maintenance windows.
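The State Manager association described for option C, together with the instance-side IAM permission for the S3 upload, as an added example that is not part of the original page. The bucket name, log path, tag, association name, key prefix and concurrency limits are constructed placeholders; it assumes the AWS CLI is installed on the instances, uses AWS-RunShellScript because the targets are Ubuntu, and assumes the six-field cron form for the daily schedule.

```python
import json
import re

# Constructed placeholders; none of these values come from the page.
BUCKET, LOG_DIR = "example-debug-logs", "/var/log/exampleapp"
TAG = ("App", "exampleapp")
BUCKET_RE = re.compile(r"[a-z0-9][a-z0-9.-]{1,61}[a-z0-9]")
PATH_RE = re.compile(r"/[A-Za-z0-9._/-]+")


def check(bucket, log_dir=LOG_DIR):
    # These strings end up in a command that runs as root on every target,
    # so reject anything that could carry shell metacharacters or "..".
    if not BUCKET_RE.fullmatch(bucket) or not PATH_RE.fullmatch(log_dir) or ".." in log_dir:
        raise ValueError("unsafe bucket name or log path")


def build_association(bucket=BUCKET, log_dir=LOG_DIR):
    """kwargs for boto3 ssm.create_association (a State Manager association)."""
    check(bucket, log_dir)
    md = "http://169.254.169.254/latest"
    commands = [
        "set -eu",
        # IMDSv2: get a session token, then this instance's id for the key prefix.
        f'T=$(curl -sf -X PUT -H "X-aws-ec2-metadata-token-ttl-seconds: 60" {md}/api/token)',
        f'IID=$(curl -sf -H "X-aws-ec2-metadata-token: $T" {md}/meta-data/instance-id)',
        f'aws s3 cp "{log_dir}" "s3://{bucket}/debug/$IID/$(date -u +%F)/" --recursive',
    ]
    return {
        "Name": "AWS-RunShellScript",               # shell document for Ubuntu targets
        "AssociationName": "nightly-debug-log-upload",
        "Targets": [{"Key": f"tag:{TAG[0]}", "Values": [TAG[1]]}],
        "ScheduleExpression": "cron(0 2 ? * * *)",  # daily 02:00, evaluated in UTC
        "Parameters": {"commands": commands},
        "MaxConcurrency": "25%",
        "MaxErrors": "10%",
    }


def instance_policy(bucket=BUCKET):
    """S3 statement for the instance profile: write-only, limited to one prefix."""
    check(bucket)
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow", "Action": "s3:PutObject",
        "Resource": f"arn:aws:s3:::{bucket}/debug/*"}]}


if __name__ == "__main__":
    # To apply: boto3.client("ssm").create_association(**build_association())
    print(json.dumps(build_association(), indent=2))
    print(json.dumps(instance_policy(), indent=2))
```

The S3 statement is in addition to the permissions the instance profile already needs for the SSM Agent itself; it grants no read, list or delete on the bucket.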

[Screenshot: choosing a document and targets for the association. AWS-RunPowerShellScript is selected; its description reads "Run a PowerShell script or specify the paths to scripts to run."]

Document name | Owner | Platform types
AWS-RunPatchBaseline | Amazon | Windows, Linux
AWS-RunPowerShellScript | Amazon | Windows, Linux
AWS-RunRemoteScript | Amazon | Windows, Linux
AWS-RunSaltState | Amazon | Linux
AWS-RunShellScript | Amazon | Linux
AWS-SetupInventory | Amazon | Windows, Linux

Targets

Targets are the instances you would like to associate with this document. You can choose to target by both managed instance and tag.

Select Targets by: Specifying a Tag, or Manually Selecting Instances.

To meet the requirement of sending logs from multiple EC2 instances to an S3 bucket every day at 2:00 AM, AWS Systems Manager provides different services that can be used. Two possible options that could meet the requirement are:

Option A: Use the Session Manager to send the required logs to the S3 bucket every 2:00 AM.

Option D: Create a schedule in AWS Systems Manager Maintenance Windows to move the logs to the S3 bucket every 2:00 AM.

Option B (Use Systems Manager Distributor to transfer the logs every 2:00 AM on all the AWS Systems Manager managed instances) does not meet the requirement as it is not clear if the EC2 instances are managed by AWS Systems Manager or not. Additionally, using Distributor to transfer logs to S3 requires an additional setup process of creating packages, versions, and associations which may not be necessary.

Option C (Use State Manager to run a shell script every 2:00 AM for all the EC2 instances) does not meet the requirement as State Manager is used for managing the configuration of EC2 instances and not for transferring logs.

Option A: Use the Session Manager to send the required logs to the S3 bucket every 2:00 AM.

AWS Systems Manager Session Manager allows users to securely manage instances without the need for SSH or RDP connections. It provides a simple and secure way to execute commands on EC2 instances and provides features like session history, audit logging, and access control. However, it does not have built-in functionality to send logs to S3.

Therefore, using the Session Manager for transferring logs would require additional setup, such as writing a script that extracts the logs and sends them to the S3 bucket using AWS CLI or SDK. This approach may require additional IAM permissions and access control setup to ensure secure transfer of logs.

Option D: Create a schedule in AWS Systems Manager Maintenance Windows to move the logs to the S3 bucket every 2:00 AM.

AWS Systems Manager Maintenance Windows is a service that enables users to schedule AWS Systems Manager automation tasks across fleets of instances. It provides a simple and automated way to manage patching, maintenance, and other administrative tasks on EC2 instances.

Using Maintenance Windows to schedule the transfer of logs to S3 bucket would require creating an SSM automation document that includes a script to extract logs from the EC2 instances and copy them to the S3 bucket. This can be done using the "AWS-RunShellScript" document type or using a custom document that is tailored to meet the specific requirements.

Once the automation document is created, it can be scheduled to run at 2:00 AM using Maintenance Windows. Maintenance Windows provide a centralized and automated way to run the automation tasks across all EC2 instances in the fleet, including tagging and filtering options that can help to target specific instances.

In summary, both options A and D can be used to transfer logs from multiple EC2 instances to an S3 bucket every 2:00 AM. Option A requires additional setup to extract logs and send them to S3, while option D requires creating an SSM automation document that can be scheduled using Maintenance Windows. The best option would depend on the specific requirements, such as the level of automation, security, and access control required.