Answer-first summary for fast verification
Answer: Attach the appropriate IAM role to each existing instance and new instance. Use AWS Systems Manager Session Manager to establish a remote SSH session.
## Explanation **Correct Answer: B** AWS Systems Manager Session Manager provides a secure, auditable, and managed way to access EC2 instances without the need for SSH keys, bastion hosts, or VPN connections. Here's why option B is the best choice: ### Key Advantages: 1. **Least Operational Overhead**: Session Manager eliminates the need to manage SSH keys, bastion hosts, or VPN connections. It's fully managed by AWS. 2. **Native AWS Service**: Session Manager is part of AWS Systems Manager, a native AWS service. 3. **Secure by Default**: - Uses IAM for authentication and authorization - All sessions are logged to CloudTrail and S3/CloudWatch Logs - No inbound ports need to be opened on security groups - Encrypted connections using AWS KMS 4. **Repeatable Process**: Simply attach the appropriate IAM role (with SSM permissions) to instances, and they become accessible via Session Manager. 5. **AWS Well-Architected Framework Alignment**: - **Security**: IAM-based access control, encryption, audit logging - **Operational Excellence**: Centralized management, automation-ready - **Reliability**: No single point of failure (unlike bastion hosts) ### Why Other Options Are Not Optimal: **A. EC2 Serial Console**: - Limited functionality (serial console access only) - Not suitable for general administration - Doesn't provide a complete remote access solution **C. Bastion Host with SSH Keys**: - High operational overhead (managing SSH keys, bastion host maintenance) - Security risks (SSH key management, bastion host as single point of failure) - Not fully managed by AWS **D. Site-to-Site VPN with SSH**: - Complex setup and maintenance - Requires on-premises infrastructure - High operational overhead for VPN management - SSH key management challenges ### Implementation Steps for Option B: 1. Ensure EC2 instances have the SSM Agent installed (pre-installed on Amazon Linux 2, Ubuntu, etc.) 2. Attach an IAM role with the `AmazonSSMManagedInstanceCore` policy to instances 3. Configure IAM policies for users who need access 4. Use AWS Management Console, CLI, or SDK to start sessions This solution provides the most secure, scalable, and operationally efficient approach for remote EC2 administration.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
No comments yet.
A company recently launched a variety of new workloads on Amazon EC2 instances in its AWS account. The company needs to create a strategy to access and administer the instances remotely and securely. The company needs to implement a repeatable process that works with native AWS services and follows the AWS Well-Architected Framework.
Which solution will meet these requirements with the LEAST operational overhead?
A
Use the EC2 serial console to directly access the terminal interface of each instance for administration.
B
Attach the appropriate IAM role to each existing instance and new instance. Use AWS Systems Manager Session Manager to establish a remote SSH session.
C
Create an administrative SSH key pair. Load the public key into each EC2 instance. Deploy a bastion host in a public subnet to provide a tunnel for administration of each instance.
D
Establish an AWS Site-to-Site VPN connection. Instruct administrators to use their local on-premises machines to connect directly to the instances by using SSH keys across the VPN tunnel.