Launch new EC2 instances， and generate an individual SSiH key for each instance Store the SSH key in AwS Secrets Manager Create a new IAM policy，and attach it to the engineer'IAM role with an Allow statement for the GetSecret Value action Instruct the engineers to fetch the SSH key from Secrets Manager when they connect through any SSH client

Create an AWS Systems Manager document to run commands on EC2 instances to set a new unigue SSlH key Create a new IAM policy，and attach it to the engineers'IAM role with an Alow statement to run Systems Manager documents Instruct the engineers to un the document to set an SSiH key and to connect through any sSH client.

Launch new EC2 instances without setting up any SSlH key for the instances Set up EC2 Instance Connect on each instance Create a new IAM policy ，and attach it to the engineers'IAM role with an Allow statement for the SendsSHPublicKey action Instruct the enginers to connect to the instance by using a browser-based sSH client from the EC2 console

Set up AWS Secrets Manager to store the EC2 SSlH key Create a new AWS Lambda function to create a new SSH key and to call AWS Systems Manager Session Manager to set the SSH key on the EC2 instance Configure Secrets Manager to use the Lambda fumction for automatic rotation once daily Instruct the engineers to fetch the SSlH key from Secrets Manager when they connect through any SSH client