A DevOps engineer needs to implement a solution to install antivirus software on all the Amazon EC2 instances in an AWS account. The EC2 instances run the most recent version of Amazon Linux.
The solution must detect all instances and must use an AWS Systems Manager document to install the software if the software is not present.
Which solution will meet these requirements?
To meet the requirements of installing antivirus software on all Amazon EC2 instances in an AWS account, creating an association in Systems Manager State Manager is the effective solution. This allows targeting all the managed nodes, and it can ensure the software installation using the specified Systems Manager document. The association in Systems Manager State Manager is specifically designed to automate tasks such as software installation, ensuring compliance and consistent software deployment across instances.
By creating an association, you can ensure that all instances have the antivirus software installed and kept up-to-date.
---> I'm between A & D Not 100% sure about this but here are my 2 cents about DETECTING the instances that don't have the software installed: A - it's a bit tricky because it states that it targets all managed nodes - but what if there are other nodes that are not managed? It just assumes that all instances are managed by AWS Systems Manager B - How can Config determine if the software is installed? C - Amazon Inspector is focused on security assessments and compliance checks, not on ensuring software is installed. It would require additional setup and is not designed for direct software installation. D - it ensures that all instances are detected. It ensures that the installed software is tracked by using the AWS Systems Manager Inventory (which is designed for this kind of things). I'm not 100% sure about the phrase "Associate the Systems Manager inventory with the Systems Manager document." which I don't believe its technically possible