AWS SAA-C03 #37

A company recently launched a variety of new workloads on Amazon EC2 instances in its AWS account. The company needs to create a strategy to access and administer the instances remotely and securely. The company needs to implement a repeatable process that works with native AWS services and follows the AWS Well-Architected Framework.

Which solution will meet these requirements with the LEAST operational overhead?

A. Use the EC2 serial console to directly access the terminal interface of each instance for administration.

B. Attach the appropriate IAM role to each existing instance and new instance. Use AWS Systems Manager Session Manager to establish a remote SSH session.

C. Create an administrative SSH key pair. Load the public key into each EC2 instance. Deploy a bastion host in a public subnet to provide a tunnel for administration of each instance.

D. Establish an AWS Site-to-Site VPN connection. Instruct administrators to use their local on-premises machines to connect directly to the instances by using SSH keys across the VPN tunnel.


B. Attach the appropriate IAM role to each existing instance and new instance. Use AWS Systems Manager Session Manager to establish a remote SSH session.

Option B provides a secure and low-operational-overhead solution that aligns with the AWS Well-Architected Framework:

  1. IAM Roles: By attaching the appropriate IAM roles to the instances, you can control access to AWS services and resources. This ensures that only authorized users or systems can interact with the instances.

  2. AWS Systems Manager Session Manager: This service allows you to establish secure, controlled sessions with instances. It doesn't require opening inbound ports in security groups or network access control lists, which improves security.

  3. Least Operational Overhead: Using Systems Manager Session Manager means you don't have to manage additional infrastructure like bastion hosts or VPN connections. It's a managed service provided by AWS, reducing operational overhead.

  4. Secure: The use of IAM roles and Systems Manager for remote access is in line with security best practices, and it provides a controlled and secure method for administrators to access the instances.

Option A (using the EC2 serial console) might be useful in certain scenarios, but it's not suitable for remote administration on a regular basis due to limitations in functionality.

Option C (using a bastion host) adds additional infrastructure that needs to be managed and secured, which increases operational overhead.

Option D (AWS Site-to-Site VPN) is a valid option for connecting on-premises resources to AWS, but it introduces more complexity and overhead than necessary for this scenario, making it less suitable for the requirement of least operational overhead.

相关推荐
胖胖雕1 天前
利用阿里云与docker部署Certimate
阿里云·docker·云计算
AliCloudROS1 天前
一次真实录屏:我只说每月别超过 200 块,小程序后端就搭好了
运维·人工智能·云计算
buligbulig1 天前
如何在云计算中使用虚拟磁盘?
云计算
赛博三把手2 天前
Claude Fable 5 API 调用完整指南:官方、AWS、OpenRouter 与中转平台对比(2026 最新)
网络·云计算·aws
weixin_462901972 天前
从零跑通:阿里云 ECS + 百炼 MaaS 大模型答题卡识别全流程
阿里云·云计算
tiancaijiben2 天前
阿里云ECS云服务器部署Vue打包静态网站:Nginx路由重定向完整配置
云计算
我是伪码农2 天前
页面ai调用(阿里云)
阿里云·云计算
爆落千玄3 天前
从0训练LLM原理解析
阿里云·云计算
淘源码A3 天前
多院区集团化云PACS系统源码,原生兼容国产软硬件环境
java·云计算·源码·saas·pacs·医学影像系统
leijiwen4 天前
Bsin-PaaS(毕昇)——LinkLifeVerse OS 的产业智能工程底座
云原生·云计算·paas