Module 3: AWS Services and Features Used for Automation

Looking for ‘Automation in the AWS Cloud Module 3 Answers’?

In this post, I provide complete, accurate, and detailed explanations for the answers to Module 3: AWS Services and Features Used for Automation? of Course 7: Automation in the AWS Cloud 

Whether you’re preparing for quizzes or brushing up on your knowledge, these insights will help you master the concepts effectively. Let’s dive into the correct answers and detailed explanations for each question!

Final Assessment

Graded Assignment

1. What are some reasons to automate the provisioning and configuration of cloud resources? (Select THREE.)

  • Repeatability ✅
  • Effective communication
  • Pay-as-you-go pricing
  • Consistency ✅
  • Documentation ✅
  • Observability

Explanation:
Automation ensures repeatable results, reduces configuration drift (consistency), and the code itself acts as documentation.

2. What is the main purpose of an AWS CloudFormation template?

  • It provides a way to automatically run scripts on Amazon Elastic Compute Cloud (Amazon EC2) instances when they are first launched.
  • It provides a declarative way to automatically provision AWS Cloud resources in an infrastructure stack. ✅
  • It provides a way to automatically provision AWS Cloud resources by using libraries and tools for specific programming languages, such as Python.
  • It provides an imperative programming model for automating AWS API calls.

Explanation:
CloudFormation templates use a declarative approach to define what infrastructure should look like.

3. Which statement BEST describe infrastructure as code (IaC)?

  • The ability to automate the provisioning and management of cloud infrastructure through code, such as scripts, configuration files, templates, and software agents ✅
  • The ability of developers to continuously merge their code updates into an automated pipeline that consists of source control, building, and testing
  • The ability of a cloud infrastructure to automatically scale in or scale out in response to the level of demand
  • The ability of developers to automate the release of tested code to a production environment

Explanation:
IaC is all about treating infrastructure the same way you treat application code.

4. Which services or features can be used to directly manage provisioned infrastructure resources in the AWS Cloud? (Select THREE.)

  • AWS CodeDeploy
  • Amazon Linux
  • Amazon Elastic Compute Cloud (Amazon EC2) instance metadata ✅
  • AWS Systems Manager ✅
  • Amazon Machine Images (AMIs)
  • AWS Organizations ✅

Explanation:
AWS Systems Manager enables centralized infrastructure management through features like Run Command and Parameter Store, making it possible to automate tasks such as patching and configuration across an entire fleet of instances. Amazon EC2 instance metadata allows access to instance-specific information from within the instance itself, which is useful for automation and configuration tasks. AWS Organizations allows for centralized governance and resource management across multiple AWS accounts, helping enforce policies and access controls. In contrast, AWS CodeDeploy focuses on deploying application code rather than managing infrastructure resources directly. Amazon Linux is an operating system, not a management tool, and Amazon Machine Images (AMIs) are templates used to launch EC2 instances, not to manage them after provisioning.

5. Which resource-management task can AWS Systems Manager perform at scale?

  • Automatically add or remove Amazon Elastic Compute Cloud (Amazon EC2) instances from a given EC2 instance fleet
  • Detect infrastructure drift between an AWS CloudFormation template and its provisioned stack
  • Install patches on an entire fleet of Amazon Elastic Compute Cloud (Amazon EC2) instances ✅
  • Manage multiple AWS accounts from a central location

Explanation:
AWS Systems Manager Patch Manager is designed for this exact purpose.

6. A company uses a script file that performs AWS API operations to create Amazon Elastic Compute Cloud (Amazon EC2) instances in their environment. The script uses the AWS Command Line Interface (AWS CLI) and requires authorization through an AWS Identity and Access Management (IAM) administrative user credential. The company wants to enhance the automation workflow so their developers can experiment more frequently, but still follow security best practices. Which change follows automation best practices for security by preventing IAM credentials from potentially being exposed?

  • Replace the IAM user login through the AWS CLI by asking a human administrator to log in to the AWS Management Console instead.
  • Update the script to embed the login credentials for the company’s administrative AWS account.
  • Configure monitoring and logging in the script to track instance creation, and send automated notifications to company administrators when instances are created in the development environment.
  • Update the script to use an IAM role to create EC2 instances on behalf of the role. ✅

Explanation:
Using IAM roles with temporary credentials is more secure than using long-term IAM user credentials.

Related contents:

Module 1: Why Automate?
Module 2: Infrastructure as Code

You might also like:

Course 1: Introduction to Information Technology and AWS Cloud
Course 2: AWS Cloud Technical Essentials
Course 3: Providing Technical Support for AWS Workloads
Course 4: Developing Applications in Python on AWS
Course 5: Skills for Working as an AWS Cloud Consultant
Course 6: DevOps on AWS and Project Management
Course 8: Data Analytics and Databases on AWS
Course 9: Capstone: Following the AWS Well Architected Framework

Leave a Reply