
Answer-first summary for fast verification
Answer: Publish VPC flow logs to Amazon CloudWatch Logs. Create required metric filters. Create an Amazon CloudWatch metric alarm with a notification action for when the alarm is in the ALARM state.
## Explanation

**Option C is the correct answer** because it provides a complete pipeline for detecting RDP/SSH access:

1. **VPC Flow Logs** capture network traffic metadata for each VPC, including source/destination IPs, ports, protocol and whether the security group and network ACL accepted or rejected the flow.
2. **CloudWatch Logs metric filters** match records for inbound TCP traffic to port 3389 (RDP) or port 22 (SSH) with an ACCEPT action and turn each match into a metric data point.
3. **CloudWatch alarms** enter the ALARM state when that metric crosses a threshold (for example, at least one match in an evaluation period).
4. The alarm's notification action, typically an **Amazon SNS** topic, delivers the alert to the operations team.

**Why other options are incorrect:**

- **Option A**: Amazon CloudWatch Application Insights is designed for application performance monitoring and troubleshooting, not for detecting network access patterns; it has no notion of RDP/SSH connections to detect.
- **Option B**: An instance profile whose role carries the AmazonSSMManagedInstanceCore policy lets the SSM Agent register the instance with Systems Manager (a prerequisite for Session Manager), but it detects nothing and sends no notifications about RDP/SSH access.
- **Option D**: EC2 Instance State-change Notifications track instance lifecycle changes (pending, running, stopping, stopped, terminated) and say nothing about network connections to the instance.

**Key AWS Services Used:**

- VPC Flow Logs for network traffic logging
- Amazon CloudWatch Logs for log aggregation
- CloudWatch metric filters for pattern detection
- CloudWatch alarms for alerting
- Amazon SNS for notifications

Two caveats a practitioner should keep in mind. First, because each environment is isolated in its own VPC, a flow log must be created for every VPC (or for the subnets or network interfaces inside it); a VPC without a flow log is invisible to this pipeline. Second, the detection is near real time rather than real time: flow log records are aggregated over an interval (10 minutes by default, configurable down to 1 minute) and then delivered to CloudWatch Logs, so the alarm fires some minutes after the connection. Flow logs also record only that a TCP connection to port 22 or 3389 was accepted by the security group and network ACL, not that a login succeeded, so a failed authentication attempt looks the same as a successful session. Within those limits, the solution notifies the operations team whenever an RDP or SSH connection is established to any demonstration environment.
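To make the metric-filter and alarm steps concrete, here is an added example (not from the original page and not AWS code) that parses constructed VPC flow log records in the default version 2 format, applies the same condition a CloudWatch Logs metric filter would, and evaluates the result against the alarm parameters one would pass to `put-metric-alarm`. The log lines, account and ENI IDs, metric namespace/name and SNS topic ARN are placeholders constructed for the example, and the filter pattern's use of `||` inside one field position is an assumption to verify against the filter syntax before deploying.

```python
"""Detection logic behind option C: parse VPC flow log records in the
default (version 2) format, apply the same condition the CloudWatch Logs
metric filter applies, and count accepted inbound SSH/RDP connections.
All identifiers, log lines and ARNs below are constructed examples."""
from collections import Counter
from dataclasses import dataclass
from typing import Iterable, Optional

TCP = 6
ADMIN_PORTS = {22: "SSH", 3389: "RDP"}

# Space-delimited CloudWatch Logs filter pattern for the default flow log
# format; it is the pattern-language equivalent of is_admin_access() below.
# The "||" inside one field position is assumed to be accepted by the filter
# syntax and should be checked with `aws logs test-metric-filter` before use.
METRIC_FILTER_PATTERN = (
    "[version, account, eni, source, destination, srcport, "
    'destport="22" || destport="3389", protocol="6", packets, bytes, '
    'windowstart, windowend, action="ACCEPT", flowlogstatus]'
)

# Alarm parameters using put-metric-alarm field names. Namespace, metric
# name and topic ARN are placeholders chosen for this example.
ALARM_DEFINITION = {
    "AlarmName": "demo-vpc-admin-access",
    "Namespace": "DemoEnv/FlowLogs",
    "MetricName": "AdminAccessCount",
    "Statistic": "Sum",
    "Period": 60,
    "EvaluationPeriods": 1,
    "Threshold": 1,
    "ComparisonOperator": "GreaterThanOrEqualToThreshold",
    # Idle VPCs emit no data points; treat that as OK, not INSUFFICIENT_DATA.
    "TreatMissingData": "notBreaching",
    "AlarmActions": ["arn:aws:sns:us-east-1:123456789012:ops-team-alerts"],
}

# Constructed flow log sample covering the cases the filter must get right:
# an accepted SSH connection and its return half, an accepted RDP connection,
# a rejected SSH attempt, unrelated HTTPS, UDP to port 22, and a NODATA record.
SAMPLE_FLOW_LOG = """\
2 123456789012 eni-0a1b2c3d4e5f67890 203.0.113.10 10.0.1.25 51234 22 6 20 4249 1700000000 1700000059 ACCEPT OK
2 123456789012 eni-0a1b2c3d4e5f67890 10.0.1.25 203.0.113.10 22 51234 6 18 3990 1700000000 1700000059 ACCEPT OK
2 123456789012 eni-0a1b2c3d4e5f67890 198.51.100.7 10.0.1.25 44110 3389 6 15 2100 1700000000 1700000059 ACCEPT OK
2 123456789012 eni-0a1b2c3d4e5f67890 198.51.100.7 10.0.1.25 44111 22 6 1 44 1700000000 1700000059 REJECT OK
2 123456789012 eni-0a1b2c3d4e5f67890 10.0.1.40 10.0.1.25 52000 443 6 30 8000 1700000000 1700000059 ACCEPT OK
2 123456789012 eni-0a1b2c3d4e5f67890 203.0.113.10 10.0.1.25 51235 22 17 2 100 1700000000 1700000059 ACCEPT OK
2 123456789012 eni-0a1b2c3d4e5f67890 - - - - - - - 1700000000 1700000059 - NODATA
"""


@dataclass(frozen=True)
class FlowRecord:
    eni: str
    srcaddr: str
    dstaddr: str
    srcport: int
    dstport: int
    protocol: int
    action: str


def parse_record(line: str) -> Optional[FlowRecord]:
    """Parse one default-format record. Returns None for records the filter
    must skip: wrong field count, non-v2, or NODATA/SKIPDATA rows whose
    traffic fields are '-' and cannot be converted to ports/protocols."""
    f = line.split()
    if len(f) != 14 or f[0] != "2" or f[13] != "OK":
        return None
    return FlowRecord(
        eni=f[2], srcaddr=f[3], dstaddr=f[4],
        srcport=int(f[5]), dstport=int(f[6]), protocol=int(f[7]),
        action=f[12],
    )


def is_admin_access(r: FlowRecord) -> bool:
    """Mirror METRIC_FILTER_PATTERN: an accepted TCP flow whose destination
    port is 22 or 3389. Keying on dstport (not srcport) keeps the
    server-to-client half of the same connection from counting twice."""
    return r.protocol == TCP and r.dstport in ADMIN_PORTS and r.action == "ACCEPT"


def count_admin_access(lines: Iterable[str]) -> Counter:
    """Count matches per (eni, service, source address), the breakdown an
    operator wants to see in the notification."""
    counts: Counter = Counter()
    for line in lines:
        rec = parse_record(line)
        if rec is not None and is_admin_access(rec):
            counts[(rec.eni, ADMIN_PORTS[rec.dstport], rec.srcaddr)] += 1
    return counts


def alarm_state(metric_sum: int, alarm: dict = ALARM_DEFINITION) -> str:
    """Evaluate one period the way the alarm would: ALARM when the summed
    metric meets the threshold, otherwise OK."""
    return "ALARM" if metric_sum >= alarm["Threshold"] else "OK"


if __name__ == "__main__":
    counts = count_admin_access(SAMPLE_FLOW_LOG.splitlines())
    for (eni, service, src), n in sorted(counts.items()):
        print(f"{eni}: {n} accepted {service} connection(s) from {src}")
    print("alarm state:", alarm_state(sum(counts.values())))
```

On the sample, only the first SSH record and the RDP record match: the return half of the SSH flow, the rejected attempt, the HTTPS flow, the UDP datagram to port 22 and the NODATA row are all dropped, so the metric sums to 2 and the alarm evaluates to ALARM. When deploying the real filter, set the flow log's maximum aggregation interval to 60 seconds so the one-minute alarm period is meaningful, and run `aws logs test-metric-filter` with a few real records to confirm the pattern matches before relying on it.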
Author: LeetQuiz Editorial Team
A company runs demonstration environments for its customers on Amazon EC2 instances. Each environment is isolated in its own VPC. The company's operations team needs to be notified when RDP or SSH access to an environment has been established.
A
Configure Amazon CloudWatch Application Insights to create AWS Systems Manager OpsItems when RDP or SSH access is detected.
B
Configure the EC2 instances with an IAM instance profile that has an IAM role with the AmazonSSMManagedInstanceCore policy attached.
C
Publish VPC flow logs to Amazon CloudWatch Logs. Create required metric filters. Create an Amazon CloudWatch metric alarm with a notification action for when the alarm is in the ALARM state.
D
Configure an Amazon EventBridge rule to listen for events of type EC2 Instance State-change Notification. Configure an Amazon Simple Notification Service (Amazon SNS) topic as a target. Subscribe the operations team to the topic.