A company's DevOps engineer uses AWS Systems Manager to perform maintenance tasks during maintenance windows. The company has a few Amazon EC2 instances that require a restart after notifications from AWS Health. The DevOps engineer needs to implement an automated solution to remediate these notifications. The DevOps engineer creates an Amazon EventBridge rule.
How should the DevOps engineer configure the EventBridge rule to meet these requirements?
The DevOps engineer needs to automate the restart of Amazon EC2 instances based on notifications from AWS Health. The optimal way to achieve this is by configuring an Amazon EventBridge rule that uses AWS Health as the event source, with an event type that indicates instance maintenance. This rule should target a Systems Manager document to restart the instance. This approach leverages the existing capabilities of AWS Systems Manager, which can perform automation tasks directly on EC2 instances, including restarts, without the need for additional components such as AWS Lambda. This ensures a streamlined and efficient solution.
And AWS Training and Certification has A as the correct answer in the practice exam.
It doesn't need to invoke Lambda. There is a SSM document , RestartEC2Instance https://docs.aws.amazon.com/health/latest/ug/cloudwatch-events-health.html
Answer is A. You can create a maintenance window in AWS SSM and associate the EventBridge rule with the maintenance window. No need to customize the solution with lambda.
A say Target a"Systems Manager document" not support by EB => need to use Lambda => Answer is C https://docs.aws.amazon.com/eventbridge/latest/userguide/eb-targets.html
A Systems Manager document defines the actions that Systems Manager performs on your managed instances. An automation document is a type of Systems Manager document that's used to perform common maintenance and deployment tasks. This includes creating or updating an Amazon Machine Image (AMI). This topic outlines how to create, edit, publish, and delete automation documents with AWS Toolkit. sorry my mistake, ans is A
https://docs.aws.amazon.com/health/latest/ug/cloudwatch-events-health.html#automating-instance-actions
The system is already using SSM to manage EC2 instances, why would you create another solution and use Lambda ? The maintenance window is added to confuse people. The event is from AWS health and need attention immediately. option A fits perfectly.
Option A appears to be the most suitable: Configuring AWS Health as the event source ensures notifications related to EC2 instances are captured. Targeting a Systems Manager document to restart the EC2 instance aligns with Systems Manager's capabilities for automated tasks like instance restarts. Option B focuses on Systems Manager events related to maintenance windows, which might not directly align with notifications triggered by AWS Health for EC2 instance maintenance.
Answer is A, lets breakdown the question. The first part is the DevOps uses system manager for maintenance windows (ok, normal approach) Second part of the question, some EC2 instances requires a restart after AWS Health notification (So, If there is a AWS Health notification the EC2 instance needs a restart), third part of the question, the DevOps should solve the part 2 problem automatically (but it doesn't say when, only a restart is needed), so .. the first part of the question is a catfish, you need to solve the problem automatically an the best way to do it is the A option,
If there is a AWS user guide / dg / FAQ with the solution trust that is the answer. https://docs.aws.amazon.com/health/latest/ug/cloudwatch-events-health.html
A is correct: B: AWS health should be the event source, not system manager C and D: should not use lambda if already have System manager
https://docs.aws.amazon.com/health/latest/ug/cloudwatch-events-health.html#automating-instance-actions
No need to invoke Lambda.
I'm hesitant between A and C but I'm voting C 1) SSM document is not a valid target, valid targets for SSM are: Automation, Run Command, OpsItem 2) If company is already using maitenance windows devops engineer should use them instead of restarting instances immediately
easiest way to do this
SSM Runbook: AWS-RestartEC2Instance (restart one or more EC2 instances)
In reading through some of the responses I think "maintenance windows" (plural) doesn't imply scheduling through Lambda. A DevOps engineer can disable automation during production hours. The scenario is unclear if they want this running all the time, or just enabled to run ONLY in a maintenance window. What I'm sure of is they are wanting the SSM runbook as the answer. In the real world, if productin EC2 instance has a health issue, you might just very well want to reboot it automatically if that truly fixes the problem. Nuff said.
The answer is C because A. This option is incorrect because AWS Health notifications do not trigger Systems Manager maintenance windows directly. Additionally, Systems Manager documents cannot restart EC2 instances directly; they need to be executed through other services like Systems Manager Automation or AWS Lambda.
Thus, Option C is the most accurate and effective solution for automating EC2 instance restarts in response to AWS Health notifications, leveraging the combined capabilities of AWS Health, Amazon EventBridge, AWS Lambda, and AWS Systems Manager.
Why does Lambda have to be involved?
It can't be A, as the AWS-RestartEC2Instance action is immediate. You need Lambda to schedule it to run during maintenance window.
system manager's automation document can also do it! the rule of thumb is all ec2 related things could directly be run via automation document but for complex task which is not by-default covered using automation document we use lambda.