AWS Certified Cloud Practitioner — Question 30

A company wants to improve its security and audit posture by limiting Amazon EC2 inbound access.
What should the company use to access instances remotely instead of opening inbound SSH ports and managing SSH keys?

Answer options

• A. EC2 key pairs
• B. AWS Systems Manager Session Manager
• C. AWS Identity and Access Management (IAM)
• D. Network ACLs

Correct answer: B

Explanation

The correct answer, AWS Systems Manager Session Manager, allows secure and auditable remote access to EC2 instances without the need for open SSH ports or managing keys. In contrast, EC2 key pairs are used for SSH access and do not eliminate the need for open ports, IAM is focused on permissions management rather than direct access, and Network ACLs are used for controlling traffic but do not provide a method for remote access.