🔥 3-day streak
AWS Certified Security - Specialty142 / 157
Question 142 of 157
A security team operates a dedicated security-tooling account within an AWS Organization. When GuardDuty detects a compromised EC2 instance in any member (workload) account, an EventBridge rule in the security account must trigger a Systems Manager Automation runbook that tags the instance, detaches it from its Auto Scaling group, and applies an isolation security group — all executed against the affected member account. The team wants a scalable, least-privilege mechanism that avoids storing long-term credentials for each member account. Which approach best enables the Automation runbook to perform these actions in the member accounts?
Reviewed for accuracy · Report an issueNext question