AWS SAA-C03 #37

A company recently launched a variety of new workloads on Amazon EC2 instances in its AWS account. The company needs to create a strategy to access and administer the instances remotely and securely. The company needs to implement a repeatable process that works with native AWS services and follows the AWS Well-Architected Framework.

Which solution will meet these requirements with the LEAST operational overhead?

A. Use the EC2 serial console to directly access the terminal interface of each instance for administration.

B. Attach the appropriate IAM role to each existing instance and new instance. Use AWS Systems Manager Session Manager to establish a remote SSH session.

C. Create an administrative SSH key pair. Load the public key into each EC2 instance. Deploy a bastion host in a public subnet to provide a tunnel for administration of each instance.

D. Establish an AWS Site-to-Site VPN connection. Instruct administrators to use their local on-premises machines to connect directly to the instances by using SSH keys across the VPN tunnel.


B. Attach the appropriate IAM role to each existing instance and new instance. Use AWS Systems Manager Session Manager to establish a remote SSH session.

Option B provides a secure and low-operational-overhead solution that aligns with the AWS Well-Architected Framework:

  1. IAM Roles: By attaching the appropriate IAM roles to the instances, you can control access to AWS services and resources. This ensures that only authorized users or systems can interact with the instances.

  2. AWS Systems Manager Session Manager: This service allows you to establish secure, controlled sessions with instances. It doesn't require opening inbound ports in security groups or network access control lists, which improves security.

  3. Least Operational Overhead: Using Systems Manager Session Manager means you don't have to manage additional infrastructure like bastion hosts or VPN connections. It's a managed service provided by AWS, reducing operational overhead.

  4. Secure: The use of IAM roles and Systems Manager for remote access is in line with security best practices, and it provides a controlled and secure method for administrators to access the instances.

Option A (using the EC2 serial console) might be useful in certain scenarios, but it's not suitable for remote administration on a regular basis due to limitations in functionality.

Option C (using a bastion host) adds additional infrastructure that needs to be managed and secured, which increases operational overhead.

Option D (AWS Site-to-Site VPN) is a valid option for connecting on-premises resources to AWS, but it introduces more complexity and overhead than necessary for this scenario, making it less suitable for the requirement of least operational overhead.

相关推荐
荣光波比13 小时前
Shell 秘典(卷十)—— 服务器资源自动化监控脚本的设计与实现
运维·服务器·自动化·云计算
西猫雷婶21 小时前
STAR-CCM+|雷诺数回顾
云计算
Amy_au1 天前
Dotnet 项目手动部署到AWS 和Github action CICD 流程总结
云计算·aws
Hi202402171 天前
基于阿里云部署 RustDesk 自托管服务器
运维·服务器·阿里云·云计算·远程控制·远程桌面
我不是小upper1 天前
使用 Terraform、AWS 和 Python 构建无服务器实时数据管道
serverless·aws·terraform
Tadas-Gao1 天前
阿里云通义MoE全局均衡技术:突破专家负载失衡的革新之道
人工智能·架构·大模型·llm·云计算
腾讯云大数据2 天前
IDC MarketScape:腾讯云位居国内生成式AI数据基础设施“领导者”象限
人工智能·云计算·腾讯云
三味神风2 天前
Linux系统安全加固:构建云计算安全的第一道防线
安全·云计算·系统安全
TG_yunshuguoji2 天前
阿里云国际代理:阿里云的云数据库是什么?
服务器·数据库·安全·阿里云·云计算
守.护3 天前
云计算学习笔记——日志、SELinux、FTP、systemd篇
linux·云计算·ftp·selinux