AWS Certified Solutions Architect Professional SAP-C02 Practice Question

The correct answer is to use SSM State Manager associations. State Manager is a configuration management service that automates the process of keeping managed nodes in a defined state. By creating an association, you link managed instances (both EC2 and on-premises) with an SSM document that defines the target configuration. State Manager will apply this configuration on a schedule you define, automatically detecting and remediating any configuration drift, which directly addresses the core requirements of the scenario.

• SSM Run Command is designed for ad-hoc or one-time remote command execution, not for maintaining a consistent state over time. While it can be used for applying configurations, it doesn't have the built-in scheduling and drift-remediation capabilities of State Manager.
• SSM Inventory combined with AWS Config is an excellent solution for detecting and reporting on configuration compliance, but it does not natively enforce the state or perform the remediation itself. Remediation would need to be triggered as a separate action, making it a less direct and less efficient solution for this specific problem.
• SSM Automation is used for orchestrating complex workflows and multi-step tasks, which can include AWS API calls across different services. While a custom automation could be built for this purpose, it is overly complex for declarative state management. State Manager is the purpose-built, more direct, and efficient tool for maintaining a desired state.