AWS SAA-C03 #37

A company recently launched a variety of new workloads on Amazon EC2 instances in its AWS account. The company needs to create a strategy to access and administer the instances remotely and securely. The company needs to implement a repeatable process that works with native AWS services and follows the AWS Well-Architected Framework.

Which solution will meet these requirements with the LEAST operational overhead?

A. Use the EC2 serial console to directly access the terminal interface of each instance for administration.

B. Attach the appropriate IAM role to each existing instance and new instance. Use AWS Systems Manager Session Manager to establish a remote SSH session.

C. Create an administrative SSH key pair. Load the public key into each EC2 instance. Deploy a bastion host in a public subnet to provide a tunnel for administration of each instance.

D. Establish an AWS Site-to-Site VPN connection. Instruct administrators to use their local on-premises machines to connect directly to the instances by using SSH keys across the VPN tunnel.


B. Attach the appropriate IAM role to each existing instance and new instance. Use AWS Systems Manager Session Manager to establish a remote SSH session.

Option B provides a secure and low-operational-overhead solution that aligns with the AWS Well-Architected Framework:

  1. IAM Roles: By attaching the appropriate IAM roles to the instances, you can control access to AWS services and resources. This ensures that only authorized users or systems can interact with the instances.

  2. AWS Systems Manager Session Manager: This service allows you to establish secure, controlled sessions with instances. It doesn't require opening inbound ports in security groups or network access control lists, which improves security.

  3. Least Operational Overhead: Using Systems Manager Session Manager means you don't have to manage additional infrastructure like bastion hosts or VPN connections. It's a managed service provided by AWS, reducing operational overhead.

  4. Secure: The use of IAM roles and Systems Manager for remote access is in line with security best practices, and it provides a controlled and secure method for administrators to access the instances.

Option A (using the EC2 serial console) might be useful in certain scenarios, but it's not suitable for remote administration on a regular basis due to limitations in functionality.

Option C (using a bastion host) adds additional infrastructure that needs to be managed and secured, which increases operational overhead.

Option D (AWS Site-to-Site VPN) is a valid option for connecting on-premises resources to AWS, but it introduces more complexity and overhead than necessary for this scenario, making it less suitable for the requirement of least operational overhead.

相关推荐
容器魔方18 分钟前
Bloomberg 正式加入 Karmada 用户组!
云原生·容器·云计算
AKAMAI18 小时前
Sport Network 凭借 Akamai 实现卓越成就
人工智能·云原生·云计算
10岁的博客1 天前
《云计算如何驱动企业数字化转型:关键技术与实践案例》
云计算
m0_694845572 天前
教你使用服务器如何搭建数据库
linux·运维·服务器·数据库·云计算
shinelord明2 天前
【数据行业发展】可信数据空间~数据价值的新型基础设施
大数据·架构·云计算·创业创新
XINVRY-FPGA2 天前
XCKU15P-2FFVA1760I AMD 赛灵思 Xilinx Kintex UltraScale+ FPGA
arm开发·嵌入式硬件·阿里云·fpga开发·云计算·硬件工程·fpga
王道长服务器 | 亚马逊云2 天前
一个迁移案例:从传统 IDC 到 AWS 的真实对比
java·spring boot·git·云计算·github·dubbo·aws
世间小小鱼2 天前
【爬坑指南】亚马逊文件中心 AWS S3 预签名URL 前端直传
前端·云计算·aws
TG_yunshuguoji2 天前
亚马逊云代理商:AWS亚马逊云的独特优势与实用价值
服务器·云计算·aws
阿雄不会写代码2 天前
AWS strands agents 当智能体作为独立服务/容器部署时,它们无法共享进程内状态
云计算·aws