A company has AWS accounts in an organization in AWS Organizations. The company needs to install a corporate software package on all Amazon EC2 instances for all the accounts in the organization.
A central account provides base AMIs for the EC2 instances. The company uses AWS Systems Manager for software inventory and patching operations.
A security engineer must implement a solution that detects EC2 instances ttjat do not have the required software. The solution also must automatically install the software if the software is not present.
Which solution will meet these requirements?
Utilizing AWS Config with a custom AWS Config rule (ec2-managedinstance-applications-required) enables detection of EC2 instances lacking the required software across all accounts in an organization. By creating an Amazon EventBridge rule that triggers on AWS Config events, and configuring it to invoke an AWS Lambda function, automated actions can be taken to ensure compliance. The Lambda function can leverage AWS Systems Manager Run Command to install the necessary software on non-compliant instances. This approach ensures continuous compliance and automated remediation, aligning with best practices for cloud security and management.
Vincent
2 months agoGeraldine
2 months agoIra
2 months agoVince
2 months agoMajor
1 months agoArt
1 months agoStefany
1 months agoYun
2 months agoJennifer
2 months agoMiesha
2 months agoElliot
2 months agoYasuko
3 months agoMacy
3 months agoJulieta
1 months agoTwanna
1 months agoKerry
1 months agoMalcolm
2 months agoMicaela
3 months ago