AWS Certified Solutions Architect Professional SAP-C02 Practice Question

The correct solution is to use AWS Systems Manager with a delegated administrator account. This approach is the most operationally excellent because it is designed for centralized, multi-account, and multi-region management directly through AWS Organizations. Systems Manager Quick Setup simplifies the deployment of the SSM Agent and configuration of services across the entire organization. State Manager proactively enforces configuration baselines to prevent drift, Patch Manager uses policies for automated, scheduled patching across the fleet, and Distributor handles software package deployments. This combination provides a comprehensive, AWS-native, and highly automated solution that minimizes custom scripting and management overhead.

Incorrect answers are:

• AWS CloudFormation StackSets: While StackSets are excellent for provisioning infrastructure across accounts and regions, they are not ideal for ongoing OS-level configuration management. Configuration via UserData scripts runs only at instance launch, and managing frequent updates like patches or minor software changes through stack updates is inefficient and not the intended use case.
• AWS Config with AWS Lambda: This approach is reactive, not proactive. AWS Config would detect non-compliance after it occurs, and then custom Lambda functions would be needed to perform remediation. This introduces significant custom development effort and complexity, and it doesn't enforce a consistent state as effectively as a dedicated configuration management tool like Systems Manager State Manager.
• AWS OpsWorks: While a valid configuration management service, OpsWorks requires setting up and managing individual stacks in each account/region, increasing operational overhead compared to the centralized model of Systems Manager with AWS Organizations. It also relies on Chef or Puppet expertise, which may not be present, and is being phased out in favor of Systems Manager.