AWS Certified Solutions Architect – Associate (SAA-C03) — Question 253
A company runs demonstration environments for its customers on Amazon EC2 instances. Each environment is isolated in its own VPC. The company’s operations team needs to be notified when RDP or SSH access to an environment has been established.
Answer options
- A. Configure Amazon CloudWatch Application Insights to create AWS Systems Manager OpsItems when RDP or SSH access is detected.
- B. Configure the EC2 instances with an IAM instance profile that has an IAM role with the AmazonSSMManagedInstanceCore policy attached.
- C. Publish VPC flow logs to Amazon CloudWatch Logs. Create required metric filters. Create an Amazon CloudWatch metric alarm with a notification action for when the alarm is in the ALARM state.
- D. Configure an Amazon EventBridge rule to listen for events of type EC2 Instance State-change Notification. Configure an Amazon Simple Notification Service (Amazon SNS) topic as a target. Subscribe the operations team to the topic.
Correct answer: C
Explanation
The correct answer is C. VPC flow logs record the accepted and rejected traffic to each instance's network interface, so publishing them to CloudWatch Logs makes RDP (TCP port 3389) and SSH (TCP port 22) connections visible. A metric filter that matches accepted traffic to those ports produces a metric, and a CloudWatch alarm on that metric with a notification action alerts the operations team whenever the alarm enters the ALARM state. Option A does not directly detect RDP or SSH connections, option B focuses on instance management rather than access monitoring, and option D relates to instance state changes rather than specific connection events.
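The following is an added example, not part of the exam page or of any AWS documentation, showing the detection logic behind option C. It defines the CloudWatch Logs metric filter pattern that matches accepted TCP traffic to ports 22 and 3389 in the default (version 2) VPC flow log format, applies the same logic locally to a few constructed flow log records (including a REJECT, return traffic, a UDP flow and a NODATA record, none of which should alert), and builds the parameter set for the alarm. The account ID, ENI ID, IP addresses, metric name, namespace and SNS topic ARN are all placeholders.

```python
"""
Added example (not from the exam page): detect accepted inbound SSH/RDP
connections in VPC flow log records, mirroring what a CloudWatch Logs
metric filter does once option C is implemented.

Assumption: flow logs use the default version 2 space-delimited format and
the monitored instance is the destination side of the record.
"""
from dataclasses import dataclass
from typing import List, Optional

REMOTE_ACCESS_PORTS = {"22": "SSH", "3389": "RDP"}
TCP = "6"

# CloudWatch Logs metric filter pattern for the default flow log format.
# Field positions follow the version 2 record layout; only dstport, protocol
# and action are constrained, every other field is a named wildcard.
METRIC_FILTER_PATTERN = (
    "[version, account, eni, srcaddr, dstaddr, srcport, "
    "dstport=22 || dstport=3389, protocol=6, packets, bytes, "
    "start, end, action=ACCEPT, logstatus]"
)

FIELD_NAMES = [
    "version", "account", "eni", "srcaddr", "dstaddr", "srcport", "dstport",
    "protocol", "packets", "bytes", "start", "end", "action", "logstatus",
]


@dataclass(frozen=True)
class RemoteAccessEvent:
    eni: str
    srcaddr: str
    service: str


def parse_flow_record(line: str) -> Optional[dict]:
    """Split a version 2 flow log line into named fields; None if malformed."""
    fields = line.split()
    if len(fields) != len(FIELD_NAMES) or fields[0] != "2":
        return None
    return dict(zip(FIELD_NAMES, fields))


def is_remote_access(rec: dict) -> bool:
    """Same predicate the metric filter expresses: accepted TCP to 22 or 3389.
    NODATA/SKIPDATA records carry '-' in action and never match."""
    return (
        rec["protocol"] == TCP
        and rec["action"] == "ACCEPT"
        and rec["dstport"] in REMOTE_ACCESS_PORTS
    )


def find_remote_access(lines: List[str]) -> List[RemoteAccessEvent]:
    """Return one event per flow record that would increment the metric."""
    events = []
    for line in lines:
        rec = parse_flow_record(line)
        if rec and is_remote_access(rec):
            events.append(RemoteAccessEvent(
                rec["eni"], rec["srcaddr"], REMOTE_ACCESS_PORTS[rec["dstport"]]))
    return events


def alarm_parameters(metric_name: str, namespace: str, topic_arn: str) -> dict:
    """Keyword arguments for CloudWatch put_metric_alarm (assumed values):
    alarm as soon as one match is counted in a one-minute period."""
    return {
        "AlarmName": "remote-access-established",
        "MetricName": metric_name,
        "Namespace": namespace,
        "Statistic": "Sum",
        "Period": 60,
        "EvaluationPeriods": 1,
        "Threshold": 0,
        "ComparisonOperator": "GreaterThanThreshold",
        "TreatMissingData": "notBreaching",
        "AlarmActions": [topic_arn],
    }


# Constructed sample records (placeholder account, ENI and addresses).
SAMPLE_LINES = [
    "2 123456789012 eni-0a1b2c3d 203.0.113.10 10.0.1.25 51234 22 6 20 4249 1698000000 1698000060 ACCEPT OK",
    "2 123456789012 eni-0a1b2c3d 198.51.100.7 10.0.1.25 40000 3389 6 15 3000 1698000000 1698000060 ACCEPT OK",
    "2 123456789012 eni-0a1b2c3d 198.51.100.7 10.0.1.25 40001 22 6 3 180 1698000000 1698000060 REJECT OK",
    "2 123456789012 eni-0a1b2c3d 10.0.1.25 203.0.113.10 22 51234 6 20 4249 1698000000 1698000060 ACCEPT OK",
    "2 123456789012 eni-0a1b2c3d 192.0.2.5 10.0.1.25 5000 22 17 1 100 1698000000 1698000060 ACCEPT OK",
    "2 123456789012 eni-0a1b2c3d - - - - - - - 1698000000 1698000060 - NODATA",
]

if __name__ == "__main__":
    for ev in find_remote_access(SAMPLE_LINES):
        print(f"{ev.service} access to {ev.eni} from {ev.srcaddr}")
```

Two caveats worth keeping in mind when relying on this design: a flow log ACCEPT record means the security group and network ACL allowed the TCP flow, not that a login succeeded, and flow log delivery to CloudWatch Logs is batched, so the notification arrives minutes after the connection rather than in real time.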