
A research company is running daily simulations in the AWS Cloud to meet high demand. The simulations run on several hundred Amazon EC2 instances that are based on Amazon Linux 2. Occasionally, a simulation gets stuck and requires a cloud operations engineer to solve the problem by connecting to an EC2 instance through SSH. Company policy states that no EC2 instance can use the same SSH key and that all connections must be logged in AWS CloudTrail. How can a solutions architect meet these requirements?
A
Launch new EC2 instances, and generate an individual SSH key for each instance. Store the SSH key in AWS Secrets Manager. Create a new IAM policy, and attach it to the engineers' IAM role with an Allow statement for the GetSecretValue action. Instruct the engineers to fetch the SSH key from Secrets Manager when they connect through any SSH client.
B
Create an AWS Systems Manager document to run commands on EC2 instances to set a new unique SSH key. Create a new IAM policy, and attach it to the engineers' IAM role with an Allow statement to run Systems Manager documents. Instruct the engineers to run the document to set an SSH key and to connect through any SSH client.
C
Launch new EC2 instances without setting up any SSH key for the instances. Set up EC2 Instance Connect on each instance. Create a new IAM policy, and attach it to the engineers' IAM role with an Allow statement for the SendSSHPublicKey action. Instruct the engineers to connect to the instance by using a browser-based SSH client from the EC2 console.
D
Set up AWS Secrets Manager to store the EC2 SSH key. Create a new AWS Lambda function to create a new SSH key and to call AWS Systems Manager Session Manager to set the SSH key on the EC2 instance. Configure Secrets Manager to use the Lambda function for automatic rotation once daily. Instruct the engineers to fetch the SSH key from Secrets Manager when they connect through any SSH client.