Explanation:
Systems Manager Session Manager provides secure interactive access without SSH, with built-in logging of commands and output streamed to CloudWatch Logs or S3. Centralized, no bastion, scalable for thousands, with metric filters for alarms. Most efficient.
Ultimate access to all questions.
No comments yet.
A company needs to record all commands and output from interactive sessions on thousands of Amazon Linux 2 EC2 instances, store logs durably, and provide automated notifications and alarms. Which solution has MOST operational efficiency?
A
Configure command session logging on each EC2 instance; use CloudWatch agent to send logs to CloudWatch Logs; use Athena for alerts.
B
Require a central bastion host; use CloudWatch agent on bastion; set up metric filter and alarm.
C
Require all users to use AWS Systems Manager Session Manager; stream session logs to CloudWatch Logs; set up metric filter and alarm.
D
Configure session logging on each instance; require Run Command documents; use CloudWatch agent + Athena-based alarms.