The SysOps administrator must modify the AWS Config rule that deletes noncompliant SSH inbound rules to update the rule to allow SSH from specific trusted IP addresses instead.
Options:
A.
Create a new AWS Systems Manager Automation runbook that adds an IP set to the security group's inbound rule. Update the AWS Config rule to change the automatic remediation action to use the new runbook.
B.
Create a new AWS Systems Manager Automation runbook that updates the security group's inbound rule with the IP addresses from the business units. Update the AWS Config rule to change the automatic remediation action to use the new runbook.
C.
Create an AWS Lambda function that adds an IP set to the security group's inbound rule. Update the AWS Config rule to change the automatic remediation action to use the Lambda function.
D.
Create an AWS Lambda function that updates the security group's inbound rule with the IP addresses from the business units. Update the AWS Config rule to change the automatic remediation action to use the Lambda function.
Using a Systems Manager Automation runbook is appropriate for managing security group rules within the AWS Config remediation framework. A runbook provides a reusable, automated solution that can update the security group rule based on an IP list.
Automation Runbook for Security Group Updates: A runbook can automate security group modifications, such as adding the trusted IP addresses specified by the business units.
AWS Config Integration: Config rules can be set to use this runbook for automatic remediation, ensuring that the rule is updated without deleting it, which aligns with the requirement for SSH access from specific IPs.
Lambda functions could work but would require additional customization and complexity, making the runbook a more manageable and scalable solution for this task.
Contribute your Thoughts:
Chosen Answer:
This is a voting comment (?). You can switch to a simple comment. It is better to Upvote an existing comment if you don't have anything to add.
Submit