
Answer-first summary for fast verification
Answer (D): Set up AWS Secrets Manager to store the EC2 SSH key. Create a new AWS Lambda function to create a new SSH key and to call AWS Systems Manager Session Manager to set the SSH key on the EC2 instance. Configure Secrets Manager to use the Lambda function for automatic rotation once daily. Instruct the engineers to fetch the SSH key from Secrets Manager when they connect through any SSH client.
1. Explanation for Answer D:
   - Set up AWS Secrets Manager to store the EC2 SSH key: this allows secure storage and management of SSH keys, ensuring that each instance has a unique key.
   - Create a new AWS Lambda function to create a new SSH key: this function automates generating a new SSH key for each EC2 instance.
   - Call AWS Systems Manager Session Manager to set the SSH key on the EC2 instance: this step ensures that the newly created SSH key is applied to the EC2 instance, allowing secure access.
   - Configure Secrets Manager to use the Lambda function for automatic rotation once daily: this ensures that SSH keys are rotated regularly, enhancing security and complying with the company policy.
   - Instruct the engineers to fetch the SSH key from Secrets Manager when they connect through any SSH client: by fetching the SSH key from Secrets Manager, engineers can access the EC2 instances securely and in compliance with the policy.
2. The other options do not meet all the requirements:
   - Option A does not address the need for automatic SSH key rotation or logging in AWS CloudTrail.
   - Option B does not provide a method for storing and managing SSH keys securely, nor does it address the logging requirement.
   - Option C does not provide a method for generating unique SSH keys for each instance and does not address the logging requirement.
Author: LeetQuiz Editorial Team
A research company is running daily simulations in the AWS Cloud to meet high demand. The simulations run on several hundred Amazon EC2 instances that are based on Amazon Linux 2. Occasionally, a simulation gets stuck and requires a cloud operations engineer to solve the problem by connecting to an EC2 instance through SSH. Company policy states that no EC2 instance can use the same SSH key and that all connections must be logged in AWS CloudTrail. How can a solutions architect meet these requirements?
A
Launch new EC2 instances, and generate an individual SSH key for each instance. Store the SSH key in AWS Secrets Manager. Create a new IAM policy, and attach it to the engineers' IAM role with an Allow statement for the GetSecretValue action. Instruct the engineers to fetch the SSH key from Secrets Manager when they connect through any SSH client.
B
Create an AWS Systems Manager document to run commands on EC2 instances to set a new unique SSH key. Create a new IAM policy, and attach it to the engineers' IAM role with an Allow statement to run Systems Manager documents. Instruct the engineers to run the document to set an SSH key and to connect through any SSH client.
C
Launch new EC2 instances without setting up any SSH key for the instances. Set up EC2 Instance Connect on each instance. Create a new IAM policy, and attach it to the engineers' IAM role with an Allow statement for the SendSSHPublicKey action. Instruct the engineers to connect to the instance by using a browser-based SSH client from the EC2 console.
D
Set up AWS Secrets Manager to store the EC2 SSH key. Create a new AWS Lambda function to create a new SSH key and to call AWS Systems Manager Session Manager to set the SSH key on the EC2 instance. Configure Secrets Manager to use the Lambda function for automatic rotation once daily. Instruct the engineers to fetch the SSH key from Secrets Manager when they connect through any SSH client.