Systems Manager Patching Issue: Troubleshooting Solutions

Troubleshooting Systems Manager Patching Issue

Question

You are trying to use the Systems Manager to patch a set of EC2 systems.

Some of the systems are not getting covered in the patching process.

Which of the following can be used to troubleshoot the issue? Choose 3 answers from the options given below.

Answers

Explanations


A. B. C. D.

Answer - A, C and D.

To make sure that the instances are configured properly, verify the following.

1) You installed the latest version of the SSM Agent on your instance.

2) Your instance is configured with an AWS Identity and Access Management (IAM) role that enables the instance to communicate with the Systems Manager API.

3) You can use the Amazon EC2 Health API to quickly determine the following information about Amazon EC2 instances:

· The status of one or more instances.

· The last time the instance sent a heartbeat value.

· The version of the SSM Agent.

· The operating system.

· The version of the EC2Config service (Windows)

· The status of the EC2Config service (Windows)

Option B is invalid because IAM users are not supposed to be directly granted permissions to EC2 Instances.

For more information on troubleshooting AWS SSM, please visit the following URL:

https://docs.aws.amazon.com/systems-manager/latest/userguide/troubleshooting-remote-commands.html

When using AWS Systems Manager to patch EC2 instances, if some of the instances are not getting covered in the patching process, there could be several reasons for this. To troubleshoot the issue, you can try the following steps:

A. Check to see if the right role has been assigned to the EC2 Instances:

When using AWS Systems Manager, EC2 instances must have the SSM agent installed and running, and the right IAM role must be assigned to the instances. If the IAM role is not assigned or is assigned incorrectly, then the instances will not be able to communicate with the Systems Manager service, and the patching process will not work as expected. You can check to see if the correct role has been assigned to the EC2 instances by using the EC2 console or the AWS CLI.

B. Check to see if the IAM user has the right permissions for EC2:

The IAM user that you are using to run the Systems Manager patching process must have the right permissions to perform the necessary actions on the EC2 instances. If the IAM user does not have the correct permissions, then the patching process will not work as expected. You can check to see if the IAM user has the right permissions by reviewing the IAM policies assigned to the user.

C. Ensure that the agent is running on the instances:

The SSM agent must be installed and running on the EC2 instances in order for the patching process to work. You can check the status of the SSM agent by logging into the EC2 instances and running the following command:

sudo systemctl status amazon-ssm-agent

If the SSM agent is not running, you can start it by running the following command:

sudo systemctl start amazon-ssm-agent

D. Check the Instance status by using the Health API:

You can check the health status of the EC2 instances by using the EC2 Health API. This API provides information about the overall health of the instances and any issues that might be impacting them. If there are any issues with the instances, such as network connectivity problems, then the patching process may not work as expected. You can use the EC2 Health API to diagnose and troubleshoot any issues that are impacting the instances.

In summary, to troubleshoot the issue of some EC2 instances not getting covered in the patching process using Systems Manager, you can check if the correct IAM role is assigned to the instances, if the IAM user has the right permissions, if the SSM agent is running on the instances, and if there are any issues with the instances by using the EC2 Health API.
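The checks in A, C and D can be combined into one triage pass over the fleet. The following is an added example, not part of the original page: it assumes the instance status data described above is available as the JSON returned by `aws ssm describe-instance-information` and compares it with `aws ec2 describe-instances` output. The instance IDs, account number and profile name are constructed sample values, and the finding codes are hypothetical labels.

```python
import json

# Constructed sample data (not real instances), shaped like the JSON returned by
# `aws ec2 describe-instances` and `aws ssm describe-instance-information`.
PROFILE = {"Arn": "arn:aws:iam::111122223333:instance-profile/ExampleSsmProfile"}
EC2_JSON = json.dumps({"Reservations": [{"Instances": [
    {"InstanceId": "i-0aaa", "State": {"Name": "running"}, "IamInstanceProfile": PROFILE},
    {"InstanceId": "i-0bbb", "State": {"Name": "running"}},
    {"InstanceId": "i-0ccc", "State": {"Name": "running"}, "IamInstanceProfile": PROFILE},
    {"InstanceId": "i-0ddd", "State": {"Name": "running"}, "IamInstanceProfile": PROFILE},
    {"InstanceId": "i-0eee", "State": {"Name": "running"}, "IamInstanceProfile": PROFILE},
    {"InstanceId": "i-0fff", "State": {"Name": "stopped"}, "IamInstanceProfile": PROFILE},
]}]})
SSM_JSON = json.dumps({"InstanceInformationList": [
    {"InstanceId": "i-0aaa", "PingStatus": "Online", "IsLatestVersion": True},
    {"InstanceId": "i-0ddd", "PingStatus": "ConnectionLost", "IsLatestVersion": True},
    {"InstanceId": "i-0eee", "PingStatus": "Online", "IsLatestVersion": False},
]})


def triage(ec2_json, ssm_json):
    """Map each running instance ID to the first failed check, or "OK"."""
    managed = {i["InstanceId"]: i
               for i in json.loads(ssm_json)["InstanceInformationList"]}
    findings = {}
    for reservation in json.loads(ec2_json)["Reservations"]:
        for inst in reservation["Instances"]:
            if inst["State"]["Name"] != "running":
                continue  # stopped instances cannot report to Systems Manager
            iid, info = inst["InstanceId"], managed.get(inst["InstanceId"])
            if info is None and "IamInstanceProfile" not in inst:
                findings[iid] = "NO_INSTANCE_PROFILE"  # step A: no role attached
            elif info is None:
                # A role is attached but the instance never registered: possible
                # causes include a stopped agent (step C) or a role without
                # Systems Manager permissions (step A).
                findings[iid] = "NOT_REGISTERED"
            elif info["PingStatus"] != "Online":
                findings[iid] = "PING_" + info["PingStatus"].upper()  # step D
            elif not info.get("IsLatestVersion", False):
                findings[iid] = "AGENT_OUTDATED"  # item 1 of the checklist
            else:
                findings[iid] = "OK"
    return findings


if __name__ == "__main__":
    for instance_id, finding in sorted(triage(EC2_JSON, SSM_JSON).items()):
        print(instance_id, finding)
```

An attached instance profile only shows that some role is present; whether that role actually grants Systems Manager access still has to be confirmed in IAM.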