AWS Systems Manager Run Command enables secure, remote execution of commands on EC2 instances without requiring network access or inbound ports. According to the AWS Certified Security – Specialty Study Guide, Run Command is a recommended mechanism for incident response actions such as installing forensic tools, collecting evidence, or applying quarantine controls.
By granting the SSM Agent permission to execute a predefined Run Command document, the security engineer can immediately run the quarantine script across affected instances. This approach supports automation, scalability, and auditability, all of which are critical during security incidents.
Options A, B, and C do not directly enforce quarantine or execute response actions. Tracking versions and storing scripts alone do not trigger incident response.
AWS documentation highlights Systems Manager Run Command as a core capability for automated containment and investigation.
Referenced AWS Specialty Documents:
AWS Certified Security – Specialty Official Study Guide
AWS Systems Manager Run Command
AWS Incident Response Automation
