Configuring Multiple Amazon EC2 Instances Without SSH Keys: A CloudTrail-Monitored Approach | AWS Certified Security - Specialty Exam

Configuring Multiple Amazon EC2 Instances Without SSH Keys

Question

You are managing thousands of Amazon EC2 instances in an enterprise organization.

You need to frequently configure multiple instances at the same time by running the same shell commands such as “docker restart”. The operation should be fully monitored and recorded in CloudTrail.

You do not want to configure SSH keys to access the instances. Which of the following methods should you choose?

Answers

Explanations


Answer: D.

Option A is incorrect because Ansible still relies on SSH, and you need to configure the SSH keys.

It is also difficult to maintain an audit of the operations in CloudTrail.

Option B is incorrect because AWS OpsWorks is a configuration management service that manages instances using Chef and Puppet.

The requirement is simply to run shell commands on the EC2 instances.

OpsWorks is too heavy for this scenario.

Option C is incorrect because using CloudFormation to run shell scripts on many EC2 instances would not be suitable.

AWS CloudFormation generally would be used to deploy Infrastructure and services on AWS Cloud.

Option D is CORRECT because, with AWS Systems Manager Run Command, you can select several EC2 instances and run a pre-defined command script document.

Users can easily manage a large number of instances without SSH access.

Reference:

https://aws.amazon.com/blogs/aws/manage-instances-at-scale-without-ssh-access-using-ec2-run-command/

Screenshot: AWS Systems Manager console, Run Command, "Run a command" page. The Command document filter is set to "Document name prefix: Equals: AWS-RunShellScript", and the listed document is AWS-RunShellScript (Owner: Amazon, Platform types: Linux).

The best method to manage and configure multiple Amazon EC2 instances while monitoring and recording the operations in CloudTrail without configuring SSH keys is by installing the AWS Systems Manager agent on the EC2 instances and using AWS Systems Manager Run Command to manage instances remotely. Therefore, option D is the correct answer.

AWS Systems Manager is a management service that helps you automatically collect software inventory, apply OS patches, create system images, and configure EC2 instances remotely. The Systems Manager agent can be installed on both Linux and Windows instances and enables you to execute scripts, run commands, and manage instances using the Systems Manager console or the AWS CLI.

AWS Systems Manager Run Command is a feature that enables you to remotely and securely manage the configuration of your EC2 instances without requiring SSH or RDP access. Using Run Command, you can remotely execute scripts and commands across a fleet of EC2 instances simultaneously, which makes it easy to configure multiple instances quickly and consistently.
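As an added example (not part of the original page), the script below shows the CloudTrail side of this design: every Run Command invocation is an ssm:SendCommand API call, so the CloudTrail records can be scanned for who ran which document, with which commands, against which instances. The CloudTrail records are constructed for illustration and the "docker restart" allowlist prefix is an assumption.

```python
"""Audit Systems Manager Run Command usage from CloudTrail: every invocation is an
ssm:SendCommand API call, so the records show who ran what against which instances."""
import json

# Constructed sample records (not a real capture); field names follow the
# CloudTrail record format and requestParameters mirrors the SendCommand API.
SAMPLE_CLOUDTRAIL = json.dumps({"Records": [
    {"eventTime": "2024-01-10T09:12:44Z", "eventSource": "ssm.amazonaws.com",
     "eventName": "SendCommand", "sourceIPAddress": "203.0.113.10",
     "userIdentity": {"arn": "arn:aws:iam::123456789012:user/ops-admin"},
     "requestParameters": {"documentName": "AWS-RunShellScript",
                           "targets": [{"key": "tag:Role", "values": ["docker-host"]}],
                           "parameters": {"commands": ["docker restart web"]}}},
    {"eventTime": "2024-01-10T09:15:02Z", "eventSource": "ssm.amazonaws.com",
     "eventName": "SendCommand", "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"arn": "arn:aws:sts::123456789012:assumed-role/Deployer/ci"},
     "requestParameters": {"documentName": "AWS-RunShellScript",
                           "instanceIds": ["i-0abc123", "i-0def456"],
                           "parameters": {"commands": ["docker restart web", "apt-get upgrade -y"]}}},
    # Unrelated API call that the audit must ignore.
    {"eventTime": "2024-01-10T09:16:00Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "DescribeInstances",
     "userIdentity": {"arn": "arn:aws:iam::123456789012:user/ops-admin"}},
]})

def audit_run_commands(cloudtrail_json, allowed_prefixes=("docker restart",)):
    """Summarise each SendCommand event; 'unexpected' holds the commands whose
    text does not start with an allowed prefix (the allowlist is an assumption)."""
    findings = []
    for rec in json.loads(cloudtrail_json)["Records"]:
        if (rec.get("eventSource"), rec.get("eventName")) != ("ssm.amazonaws.com", "SendCommand"):
            continue
        req = rec.get("requestParameters", {})
        commands = req.get("parameters", {}).get("commands", [])
        # Targets are either explicit instance IDs or tag-based selectors.
        targets = req.get("instanceIds") or [
            f"{t['key']}={','.join(t['values'])}" for t in req.get("targets", [])]
        findings.append({"time": rec["eventTime"],
                         "principal": rec["userIdentity"]["arn"],
                         "source_ip": rec.get("sourceIPAddress"),
                         "document": req.get("documentName"),
                         "targets": targets, "commands": commands,
                         "unexpected": [c for c in commands if not c.startswith(allowed_prefixes)]})
    return findings

if __name__ == "__main__":
    for f in audit_run_commands(SAMPLE_CLOUDTRAIL):
        flag = "REVIEW" if f["unexpected"] else "ok"
        print(f"{f['time']} {flag:6} {f['principal']} -> {f['targets']}: {f['commands']}")
```

The same filter can be applied to records returned by CloudTrail Lake or `aws cloudtrail lookup-events`, which is what makes SSM Run Command auditable where an SSH session is not.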

Option A, creating Ansible playbooks, is a valid approach, but it requires installing and configuring additional software on the EC2 instances, which adds complexity to the solution. Moreover, configuring and maintaining inventory documents to group and manage EC2 instances may be time-consuming and error-prone.

Option B, installing the Chef agent and editing cookbooks, is also a valid approach, but it requires additional software to be installed on the EC2 instances, which adds complexity to the solution. Additionally, AWS OpsWorks, the service used to manage the Chef agent, requires more setup and configuration, making this option less efficient than option D.

Option C, creating CloudFormation templates, is a valid approach to automate the deployment of resources, including EC2 instances, but it is not the best option for managing and configuring existing instances. Moreover, creating portfolios and products using the templates in AWS Service Catalog may be overkill for this use case.

In conclusion, the best method for managing and configuring multiple EC2 instances while monitoring and recording the operations in CloudTrail without configuring SSH keys is to install the AWS Systems Manager agent on the EC2 instances and use AWS Systems Manager Run Command to manage instances remotely.