Inspecting Running Processes on an EC2 Instance for Security | AWS Certified Security - Specialty

Inspecting Running Processes on an EC2 Instance

Question

You need to inspect the running processes on an EC2 Instance that may have a security issue.

Also, you need to ensure that the process does not interfere with the continuous running of the instance.

How can you achieve this in the easiest way possible?

Answers

Explanations


Answer: C.

Option A is incorrect because AWS CloudTrail is used to record API activity on the AWS account and cannot be used to record running processes on EC2 machines.

Option B is incorrect because CloudWatch is a metrics and logging service and cannot be used to take an on-demand inventory of the processes running on an EC2 instance. (The CloudWatch agent's procstat plugin can report metrics for processes you name in advance, but it does not give you a full listing of whatever happens to be running.)

Option C is CORRECT because the SSM Run command can be used to send OS-specific commands to an instance.

Here you can run a process-listing command such as ps -ef on the instance and have the output written to an S3 bucket for review.

Option D is incorrect because AWS Config is a configuration service and cannot be used to record running processes on EC2 machines.

For more information on the Systems Manager Run command, please visit the following URL:

https://docs.aws.amazon.com/systems-manager/latest/userguide/execute-remote-commands.html

The best answer to this question is C. Use the SSM Run command to execute a command on the EC2 instance that sends the list of running processes information to an S3 bucket.

Explanation:

SSM (Systems Manager) is an AWS service that provides a unified user interface so that you can view operational data from multiple AWS services and automate operational tasks across AWS resources. SSM Run command is a feature in SSM that allows you to remotely execute scripts or commands on your instances.

To use SSM Run command to inspect running processes on an EC2 instance, you would follow these steps:

  1. Make sure SSM Agent is installed and running on the EC2 instance you want to inspect (it is preinstalled on Amazon Linux, Ubuntu Server and Windows Server AMIs supplied by AWS) and that the instance has an instance profile with the AmazonSSMManagedInstanceCore permissions and network reachability to the Systems Manager endpoints. The instance must appear as a managed node in Systems Manager before Run Command can reach it.

  2. Configure an S3 bucket to receive the process listing. SSM Agent uploads the output using the instance's IAM role, so that role needs s3:PutObject on the bucket; the identity you run the command from needs ssm:SendCommand and, to read the result, s3:GetObject.

  3. Use the AWS Management Console, AWS CLI, or SDK to execute the following command on the EC2 instance:

    aws ssm send-command --document-name "AWS-RunShellScript" --comment "Get running processes" --instance-ids "<instance-id>" --parameters commands="ps -ef" --output-s3-bucket-name "<bucket-name>" --region "<region>"

    This command sends a command to the EC2 instance to retrieve the list of running processes and writes the output to the specified S3 bucket. The command retrieves the list of running processes using "ps -ef". Sending the output to S3 matters here: the Systems Manager console and get-command-invocation only return a truncated copy of stdout, and a full process table on a busy host easily exceeds that limit. For a Windows instance, use the AWS-RunPowerShellScript document with Get-Process instead.

  4. Review the output file in the S3 bucket to see the list of running processes on the EC2 instance.
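The four steps above as one script, added here as an example (it is not from the original page or from AWS). It sends the same AWS-RunShellScript document the page uses, waits for the invocation to finish, pulls the full listing from S3 and does a first-pass triage for processes running out of world-writable scratch directories or from a relative path. The instance ID, bucket name, key prefix and region are placeholders, and the S3 key layout the agent uses for stdout is assumed from observed behaviour rather than quoted from documentation, so verify it with aws s3 ls on your own bucket.

```shell
#!/bin/sh
# Added example, not the page's or AWS's code. Assumed/hypothetical values:
# instance i-0123456789abcdef0, bucket ir-evidence-bucket, region us-east-1.
# Preconditions: the instance is an SSM managed node whose role may PutObject to
# the bucket; the caller may SendCommand / GetCommandInvocation and read the bucket.
set -eu

INSTANCE_ID="${INSTANCE_ID:-i-0123456789abcdef0}"
BUCKET="${BUCKET:-ir-evidence-bucket}"
PREFIX="${PREFIX:-ssm/ps}"
REGION="${AWS_REGION:-us-east-1}"

# Step 3: send the command and print its CommandId for the later steps.
ssm_send_ps() {
  aws ssm send-command \
    --region "$REGION" \
    --document-name "AWS-RunShellScript" \
    --comment "IR: capture running processes" \
    --instance-ids "$INSTANCE_ID" \
    --parameters '{"commands":["ps -ef"]}' \
    --output-s3-bucket-name "$BUCKET" \
    --output-s3-key-prefix "$PREFIX" \
    --query 'Command.CommandId' --output text
}

# Poll until the invocation leaves the queued/running states. Right after
# send-command the invocation may not exist yet, so a failed lookup counts as Pending.
ssm_wait() {  # $1 = command id
  while :; do
    status=$(aws ssm get-command-invocation --region "$REGION" \
      --command-id "$1" --instance-id "$INSTANCE_ID" \
      --query Status --output text 2>/dev/null || echo Pending)
    case "$status" in
      Pending|InProgress|Delayed) sleep 3 ;;
      Success) return 0 ;;
      *) echo "command $1 ended with status $status" >&2; return 1 ;;
    esac
  done
}

# Assumed key layout for stdout of AWS-RunShellScript:
# <prefix>/<command-id>/<instance-id>/awsrunShellScript/0.awsrunShellScript/stdout
ssm_output_key() {  # $1 = prefix, $2 = command id, $3 = instance id
  printf '%s/%s/%s/awsrunShellScript/0.awsrunShellScript/stdout\n' "$1" "$2" "$3"
}

# Step 4 helper: triage a `ps -ef` listing on stdin. Column 8 is the first word
# of CMD; flag binaries under /tmp, /var/tmp or /dev/shm and commands started
# from a relative path (./x), both common for dropped tooling. Header line skipped.
triage_ps() {
  awk 'NR > 1 {
    cmd = $8
    if (cmd ~ /^\/(tmp|var\/tmp|dev\/shm)\// || cmd ~ /^\.\//) print
  }'
}

main() {
  cid=$(ssm_send_ps)
  ssm_wait "$cid"
  key=$(ssm_output_key "$PREFIX" "$cid" "$INSTANCE_ID")
  out="./ps-$INSTANCE_ID-$cid.txt"
  aws s3 cp --region "$REGION" "s3://$BUCKET/$key" "$out"
  echo "Full listing saved to $out; entries worth a closer look:"
  triage_ps < "$out"
}

# Only talk to AWS when asked explicitly, so the helpers can be sourced and tested.
if [ "${1:-}" = "run" ]; then main; fi
```

Run it as `sh capture-ps.sh run` from a shell with AWS credentials. The triage filter is deliberately crude; it is a starting point for reading the saved listing, not a detection rule, and it does nothing to the instance beyond the read-only ps invocation.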

Using SSM Run command to inspect running processes on an EC2 instance has the following benefits:

  • It does not require any changes to the instance configuration or any inbound access (no SSH or RDP port, no new security group rule), and a read-only listing such as ps -ef stops or restarts nothing, so it will not interfere with the continuous running of the instance.
  • The output is sent to an S3 bucket, which gives you the full, untruncated listing and a centralized location for reviewing the output from multiple instances.
  • It allows you to execute commands remotely, so you do not need to log in to the instance to execute the command.
  • It provides a controlled way to execute commands on instances: IAM governs who may send commands, to which instances, and where output may be written, and every SendCommand call is recorded in CloudTrail.

AWS CloudTrail (A) records AWS API calls and events for auditing purposes, but it does not provide a way to inspect running processes on an EC2 instance.

AWS CloudWatch (B) can monitor metrics and logs from AWS resources, but it does not provide a way to inspect running processes on an EC2 instance.

AWS Config (D) provides a detailed view of the configuration of AWS resources, but it does not provide a way to inspect running processes on an EC2 instance.