AWS SAA-C03 #37

A company recently launched a variety of new workloads on Amazon EC2 instances in its AWS account. The company needs to create a strategy to access and administer the instances remotely and securely. The company needs to implement a repeatable process that works with native AWS services and follows the AWS Well-Architected Framework.

Which solution will meet these requirements with the LEAST operational overhead?

A. Use the EC2 serial console to directly access the terminal interface of each instance for administration.

B. Attach the appropriate IAM role to each existing instance and new instance. Use AWS Systems Manager Session Manager to establish a remote SSH session.

C. Create an administrative SSH key pair. Load the public key into each EC2 instance. Deploy a bastion host in a public subnet to provide a tunnel for administration of each instance.

D. Establish an AWS Site-to-Site VPN connection. Instruct administrators to use their local on-premises machines to connect directly to the instances by using SSH keys across the VPN tunnel.


B. Attach the appropriate IAM role to each existing instance and new instance. Use AWS Systems Manager Session Manager to establish a remote SSH session.

Option B provides a secure and low-operational-overhead solution that aligns with the AWS Well-Architected Framework:

  1. IAM Roles: By attaching the appropriate IAM roles to the instances, you can control access to AWS services and resources. This ensures that only authorized users or systems can interact with the instances.

  2. AWS Systems Manager Session Manager: This service allows you to establish secure, controlled sessions with instances. It doesn't require opening inbound ports in security groups or network access control lists, which improves security.

  3. Least Operational Overhead: Using Systems Manager Session Manager means you don't have to manage additional infrastructure like bastion hosts or VPN connections. It's a managed service provided by AWS, reducing operational overhead.

  4. Secure: The use of IAM roles and Systems Manager for remote access is in line with security best practices, and it provides a controlled and secure method for administrators to access the instances.

Option A (using the EC2 serial console) might be useful in certain scenarios, but it's not suitable for remote administration on a regular basis due to limitations in functionality.

Option C (using a bastion host) adds additional infrastructure that needs to be managed and secured, which increases operational overhead.

Option D (AWS Site-to-Site VPN) is a valid option for connecting on-premises resources to AWS, but it introduces more complexity and overhead than necessary for this scenario, making it less suitable for the requirement of least operational overhead.

相关推荐
AOwhisky31 分钟前
Linux(CentOS)系统管理入门笔记(第四期)——文件系统(下篇):文件与目录操作实战——cpmvmkdirrmln
linux·运维·笔记·centos·云计算·文件系统
翼龙云_cloud13 小时前
阿里云国际代理商:阿里云 ECS 全维度监控配置教程
运维·阿里云·云计算·监控
AKAMAI16 小时前
2026年应用程序,API和DDoS:网络攻击活动的产业化
人工智能·云计算
腾讯云大数据1 天前
腾讯云TBDS面向AI时代的多模态智算平台,助力企业AI转型
人工智能·云计算·腾讯云·tbds
AOwhisky1 天前
Linux(CentOS)系统管理入门笔记(第一期)——从 Multics 到主流发行版
linux·运维·笔记·centos·云计算
summer_west_fish1 天前
云计算解决方案与未来趋势
云计算
AOwhisky2 天前
kubernetes(K8s)学习笔记:第十期与第十一期核心知识点自测与详解
运维·笔记·云原生·kubernetes·云计算·k8s·hpa
spider_xcxc2 天前
Redis 深度实践:安全管控、性能压测与持久化分析(二)
运维·前端·redis·云计算·bootstrap·运维开发
得一录2 天前
AutoDL 默认开放并映射公网访问
云计算
JokySue3 天前
外名网深度评测:ICANN认证域名注册商,600多种域名后缀一站搞定
云计算·wordpress·云服务器·域名注册·无代码建站