AWS Certified Solutions Architect – Associate (SAA-C03) — Question 29
A company recently launched a variety of new workloads on Amazon EC2 instances in its AWS account. The company needs to create a strategy to access and administer the instances remotely and securely. The company needs to implement a repeatable process that works with native AWS services and follows the AWS Well-Architected Framework.
Which solution will meet these requirements with the LEAST operational overhead?
Answer options
- A. Use the EC2 serial console to directly access the terminal interface of each instance for administration.
- B. Attach the appropriate IAM role to each existing instance and new instance. Use AWS Systems Manager Session Manager to establish a remote SSH session.
- C. Create an administrative SSH key pair. Load the public key into each EC2 instance. Deploy a bastion host in a public subnet to provide a tunnel for administration of each instance.
- D. Establish an AWS Site-to-Site VPN connection. Instruct administrators to use their local on-premises machines to connect directly to the instances by using SSH keys across the VPN tunnel.
Correct answer: B
Explanation
Option B is the most efficient solution because it uses AWS Systems Manager Session Manager, which does not require any inbound ports to be opened and minimizes operational overhead. Options A and C involve more manual configuration and management, while option D requires maintaining a VPN connection, which adds complexity and potential security issues.